Huge number of entries in /var/log/maillog
From: Paul Greene (pauljgreene comcast.net)
Date: Fri Aug 01 2003 - 23:50:54 CDT
I've recently started noticing a huge amount of mail log files being
generated on my home system. I'm not sure if I just have some network
parameters set incorrectly and sendmail is freaking out, or if someone
has managed to muck into my system for some nefarious purpose.
The way I have things set up:
There are two servers; one running obsd 3.2, used for firewall and NAT.
Another box is running obsd 3.3, and has Apache webserver activated.
Traffic is redirected to the webserver from the firewall using a
redirect statement in pf.conf. The firewall blocks all services on its
external interface except ssh and http.
The symptoms of the problem:
On the webserver, a huge amount of these entries are being generated in
/var/log/maillog.
Aug 1 23:01:27 webserver sm-msp-queue[1026]: h6S6U2hW010919:
to=postmaster, delay=4+21:30:04, xdelay=00:00:00, mailer=relay,
pri=21186892, relay=ds1.domainspa.com., dsn=4.0.0, stat=Deferred:
Connection timed out with ds1.domainspa.com.
On the firewall I'm getting a whole bunch of these messages:
Aug 1 23:01:18 <sanitized_host_name> sm-msp-queue[30220]:
h6S6U2GF021761: to=postmaster, delay=4+21:29:59, xdelay=00:00:00,
mailer=relay, pri=21185783, relay=localhost.home.net., dsn=4.0.0,
stat=Deferred: Connection timed out with localhost.home.net.
When I installed obsd on both, I did not enable sendmail on either one,
but both of them appear to have sendmail listening on port 25. The
curious thing is that netstat -a shows smtp listening on both if run on
localhost, but if nmap is run remotely on either box, port 25 appears to
be closed.
So, I'm not sure what's going on?! Is this "ds1.domainspa.com" a likely
culprit in something? i.e. trying to use me as a spam relay? Or is
possibly my network configuration a little goofy which might be causing
sendmail to puke on itself?
/etc/hosts on both the webserver and firewall contains:
::1 localhost.home.net localhost
127.0.0.1 localhost.home.net localhost
192.168.1.2 webserver.home.net webserver
Any suggestions greatly appreciated.
Oh, and btw, I've added an incoming rule to pf.conf to block
domainspa.com from coming into my network, and configured it to log any
connections, but nothing is showing up in pflog.
PG
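
A triage sketch for the log entries quoted above, added here as an example and not part of the original post: it parses sendmail delivery-attempt lines and groups the deferred ones by logging host, program and relay, so that repeated retries of one queued message can be told apart from many distinct messages. The function names and regular expressions are this example's own, and the sample input is the post's two entries rejoined onto single lines.

```python
import re
from collections import defaultdict
from datetime import timedelta

# The two entries quoted in the post, rejoined onto single lines for parsing.
# Real input would be the contents of /var/log/maillog.
SAMPLE = """\
Aug 1 23:01:27 webserver sm-msp-queue[1026]: h6S6U2hW010919: to=postmaster, delay=4+21:30:04, xdelay=00:00:00, mailer=relay, pri=21186892, relay=ds1.domainspa.com., dsn=4.0.0, stat=Deferred: Connection timed out with ds1.domainspa.com.
Aug 1 23:01:18 <sanitized_host_name> sm-msp-queue[30220]: h6S6U2GF021761: to=postmaster, delay=4+21:29:59, xdelay=00:00:00, mailer=relay, pri=21185783, relay=localhost.home.net., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.home.net.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) ([\w-]+)\[(\d+)\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse_delay(text):
    """Convert sendmail's [days+]HH:MM:SS delay into a timedelta."""
    days, _, clock = text.rpartition("+")
    h, m, s = (int(x) for x in clock.split(":"))
    return timedelta(days=int(days or 0), hours=h, minutes=m, seconds=s)

def parse_line(line):
    """Return a dict for one delivery-attempt line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    stamp, host, prog, pid, qid, rest = m.groups()
    rec = {"time": stamp, "host": host, "prog": prog, "qid": qid}
    rec.update(FIELD.findall(rest))  # key=value pairs: to, delay, relay, stat, ...
    return rec

def summarize(text):
    """Group deferred deliveries by (host, program, relay)."""
    groups = defaultdict(lambda: {"qids": set(), "attempts": 0, "oldest": timedelta(0)})
    for rec in filter(None, map(parse_line, text.splitlines())):
        if not rec.get("stat", "").startswith("Deferred"):
            continue
        g = groups[(rec["host"], rec["prog"], rec["relay"].rstrip("."))]
        g["qids"].add(rec["qid"])   # distinct queued messages
        g["attempts"] += 1          # every retry logs another line
        g["oldest"] = max(g["oldest"], parse_delay(rec["delay"]))
    return dict(groups)

if __name__ == "__main__":
    for (host, prog, relay), g in summarize(SAMPLE).items():
        print(f"{host} {prog} -> {relay}: {len(g['qids'])} message(s), "
              f"{g['attempts']} attempt(s), oldest queued {g['oldest']}")
```

A large attempt count against a small number of queue IDs means the log volume comes from retries of the same queued messages rather than from new mail arriving.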