l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2006 Apr 22 12:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] strange postfix error message
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] strange postfix error message



On Thu, Apr 20, 2006 at 08:48:27PM -0700, Cylar Z wrote:
> Hey all,
> 
> I run FC5. I'm also running Postfix as my mail daemon
> with a program called LogWatch that mails a system log
> summary each day to my root account.
> 
> While browsing this logwatch yesterday, the following
> snippet appeared in the Postfix section:
> 
>  --------------------- postfix Begin
> ------------------------
> 
>  5978 bytes transferred
>  2 messages sent
>  2 messages removed from queue
> 
>  Relaying denied: 2 Time(s)
> 
>  Unrecognized warning:
>     
> 219-84-126-227-adsl-tpe.dynamic.so-net.net.tw[219.84.126.227]
> sent non-SMTP                                         
>     command: Subject:?erelay ok?f<my-ip-address-here>
> : 1 Time(s)
>      personaljames.com[82.165.30.80] sent non-SMTP
> command: From: "Chase Online"                         
>                    <online@chase.com> : 1 Time(s)
> 
>  ---------------------- postfix End
> --------------------------
> (the field containing <my-ip-address-here> really did
> have my actual IP listed, which I am keeping
> confidential for security reasons.)
> 
> What exactly is that error message I see listed under
> "unrecognized warning?" I don't think it's a mail
> relay attempt, since it says just above that the
> system already denied two of those. Is this some kind
> of attempt to break into the system through the SMTP
> port, and if so, is there any indication the cracker
> was successful?

It looks to me like the relay started sending the message content before
it issued an SMTP DATA command.

-- 
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.