Web Hosting Talk

View Full Version : sendmail weirdness after os2?


skylab
03-30-2002, 06:04 AM
well, the os2 and relative updates have all gone ok so far. except for stupid webalizer, this small proftpd problem (fixed now i hope), and i have this hellafied sendmail stuff going on.

ever since the os2 and relative updates, i've been getting tons of this in my logs:

Mar 29 12:14:21 ns1 sendmail[19060]: g2THELx19060: POSSIBLE ATTACK from "my.ip.my.dsl.company": newline in string
"my.computer.name"
Mar 29 12:25:28 ns1 sendmail[19618]: g2THPSx19618: POSSIBLE ATTACK from "my.ip.my.dsl.company": newline in string
"my.computer.name"
Mar 29 13:20:39 ns1 sendmail[23218]: g2TIKdx23218: POSSIBLE ATTACK from "my.ip.my.dsl.company": newline in string
"my.computer.name"
Mar 29 18:46:40 ns1 sendmail[10744]: g2TNkex10744: POSSIBLE ATTACK from "my.ip.my.dsl.company": newline in string
"my.computer.name"


any ideas?

skylab
03-31-2002, 05:21 AM
anyone? i'm still getting the above 5 or 6 times as "active system attacks" (but it's from my home IP and computer name, which IS NOT compromised).


i'm also getting about 100 of this a day now as well:
Mar 30 04:30:05 ns1 sendmail[811]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 30 04:45:02 ns1 sendmail[1680]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 30 05:00:03 ns1 sendmail[2808]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

it's every 15, so i know it's a log of some sort, but which and how to stop the errors?


ALSO, heh, i hate cobalt, i'm getting about 50 or so attempts to relay through my box. i have had ordb.org test my box for relay and it has passed their tests fine, but, i'm still getting tons of errors such as this:

Mar 30 07:28:39 ns1 sendmail[10390]: g2UCSXX10390: ruleset=check_rcpt, arg1=<viron@edunet.kmec.net>, relay=[211.106.197.121],
reject=550 5.7.1 <viron@edunet.kmec.net>... Relaying denied. IP name lookup failed [211.106.197.121]
Mar 30 07:28:53 ns1 sendmail[10392]: g2UCShX10392: ruleset=check_rcpt, arg1=<virtual@keobuksun.keimyung.ac.kr>,
relay=[211.106.197.121], reject=550 5.7.1 <virtual@keobuksun.keimyung.ac.kr>... Relaying denied. IP name lookup failed
[211.106.197.121]

is there a way to block those IPs? say through hosts.deny or something in sendmail config?


I SHOULD ADD, that i had never seen attempts to relay through my box UNTIL i did os2 update + php. i guess that's all a matter of timing. HOWEVER, i have never seen the above post's errors until after os2 and those MTA errors also came back after OS2.

so yeah. i don't think that's a coincidence.
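
Added example (not part of the thread, and not sendmail's or Cobalt's own tooling): a small Python triage of the three message types quoted in the posts above. It rejoins the wrapped continuation lines, then tallies relay rejections per source IP and recipient. The sample input is constructed from the lines quoted in the thread; the function names and category labels are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: log lines copied from the thread, including the
# wrapped continuation lines exactly as they appear there.
SAMPLE = """\
Mar 29 12:14:21 ns1 sendmail[19060]: g2THELx19060: POSSIBLE ATTACK from "my.ip.my.dsl.company": newline in string
"my.computer.name"
Mar 30 04:30:05 ns1 sendmail[811]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 30 04:45:02 ns1 sendmail[1680]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Mar 30 07:28:39 ns1 sendmail[10390]: g2UCSXX10390: ruleset=check_rcpt, arg1=<viron@edunet.kmec.net>, relay=[211.106.197.121],
reject=550 5.7.1 <viron@edunet.kmec.net>... Relaying denied. IP name lookup failed [211.106.197.121]
Mar 30 07:28:53 ns1 sendmail[10392]: g2UCShX10392: ruleset=check_rcpt, arg1=<virtual@keobuksun.keimyung.ac.kr>,
relay=[211.106.197.121], reject=550 5.7.1 <virtual@keobuksun.keimyung.ac.kr>... Relaying denied. IP name lookup failed
[211.106.197.121]
"""

HEADER = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ sendmail\[\d+\]: ")
RELAY = re.compile(r"arg1=<([^>]*)>.*?relay=(?:\S+ )?\[([\d.]+)\].*Relaying denied")
NOCMD = re.compile(r"\[([\d.]+)\] did not issue MAIL/EXPN/VRFY/ETRN")
ATTACK = re.compile(r'POSSIBLE ATTACK from "?([^"\s]+?)"?: ')

def unwrap(text):
    # A line without a syslog/sendmail header continues the previous record.
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEADER.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    relays = defaultdict(set)  # source IP -> recipients it tried to relay to
    counts = Counter()
    for rec in unwrap(text):
        if m := RELAY.search(rec):
            relays[m.group(2)].add(m.group(1))
            counts["relay_denied"] += 1
        elif m := NOCMD.search(rec):
            counts["no_smtp_command:" + m.group(1)] += 1
        elif ATTACK.search(rec):
            counts["newline_in_string"] += 1
        else:
            counts["other"] += 1
    return counts, dict(relays)

if __name__ == "__main__":
    print(triage(SAMPLE))
```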