drobbins
5th March 2005, 03:37 PM
Hello All,
I've got a box with a clean FC3 installation
I'm using sendmail as an MTA
I set it up using these instructions
http://www.brennan.id.au/12-Sendmail_Server.html
This guy's tutorials are really quite good
Each day somebody does a logfile analysis on my machine and sends me the results
I'd be tickled if someone explained to me just how this works :)
Anyway the stuff about sendmail looks like this
--------------------- sendmail Begin ------------------------
Bytes Transferred: 2740571
Messages Sent: 94
Total recipients: 116
WARNING!!!!
Possible Attack:
Attempt from UNKNOWN with:
Fixed MIME Content-Type header field : 1 Time(s)
Unknown local users:
Total: 8
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
35/26: lists.netspace.org [64.61.61.196]
Relaying denied:
From [220.173.108.144] to cara@donate-your-car.com: 1 Time(s)
Total: 1
Client quit before communicating:
211.221.64.221 : 1 Time(s)
217.95.239.201 : 1 Time(s)
222.105.75.212 : 1 Time(s)
61.173.14.53 : 1 Time(s)
68.148.102.70 : 1 Time(s)
80.121.72.146 : 1 Time(s)
83.29.142.243 : 1 Time(s)
83.97.146.72 : 1 Time(s)
BlackHole Totals:
Unresolved sender domains:
kkiagb@pilot.ac: 1 Time(s)
Total: 1
Summary:
Total Mail Rejected: 10
---------------------- sendmail End -------------------------
The machine is just for my home use and has 3-4 accounts on it
I don't believe it should be sending ~100 mails a day
Is someone relaying through my machine?
I set up the access.db just like that guy suggested
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.10 RELAY
mydomain.com RELAY
shouldn't this prevent anyone not on my local network from sending mail from my machine?
I do have 1 Windoz machine on my network, could it be compromised? (silly question)
How can I get more detailed info on just who is sending mail from my machine??
TIA
Dave
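
Added example, not part of the original post: one way to see which hosts hand mail to sendmail is to tally the from= lines of the mail log by their relay= field and check each relay against the RELAY entries quoted in the post. The log lines are constructed samples in sendmail's usual maillog layout, the hostnames and addresses other than the post's own RELAY entries are made up, and the access-map matching is a simplified approximation.

```python
import re

# RELAY entries copied from the access file quoted in the post.
RELAY_ALLOWED = ["localhost.localdomain", "localhost", "127.0.0.1",
                 "192.168.10", "mydomain.com"]

# Constructed sample lines (not from the post), in sendmail's usual maillog layout.
SAMPLE_LOG = """\
Mar  5 04:02:11 box sendmail[2101]: j25A2B01002101: from=<list-bounce@lists.example.org>, size=4096, class=0, nrcpts=1, msgid=<a1@lists.example.org>, proto=ESMTP, daemon=MTA, relay=lists.example.org [203.0.113.9]
Mar  5 04:02:12 box sendmail[2102]: j25A2B01002101: to=<dave@mydomain.com>, delay=00:00:01, mailer=local, pri=34096, dsn=2.0.0, stat=Sent
Mar  5 06:40:03 box sendmail[2290]: j25Ce302002290: from=<list-bounce@lists.example.org>, size=5120, class=0, nrcpts=1, msgid=<a2@lists.example.org>, proto=ESMTP, daemon=MTA, relay=lists.example.org [203.0.113.9]
Mar  5 09:15:47 box sendmail[2417]: j25FFl03002417: from=<someone@mydomain.com>, size=900, class=0, nrcpts=40, msgid=<b1@winpc>, proto=SMTP, daemon=MTA, relay=[192.168.10.20]
Mar  5 10:01:30 box sendmail[2500]: j25G1U04002500: from=dave, size=312, class=0, nrcpts=1, msgid=<c1@box.mydomain.com>, relay=dave@localhost
"""

# One "from=" line is logged per accepted message; "to=" lines do not match.
FROM_RE = re.compile(r": \w+: from=(\S+?), .*\bnrcpts=(\d+),.*\brelay=(.+)$")

def relay_allowed(relay):
    """Approximate the access map: IP entries match on octet boundaries,
    name entries match the host itself or any subdomain."""
    m = re.search(r"\[([\d.]+)\]", relay)
    ip = m.group(1) if m else ""
    host = relay.split("[")[0].strip().split("@")[-1].lower()
    for entry in RELAY_ALLOWED:
        if entry[0].isdigit():
            if ip == entry or ip.startswith(entry + "."):
                return True
        elif host == entry or host.endswith("." + entry):
            return True
    return False

def summarize(log_text):
    """Return {relay: [messages, recipients, relay_allowed]} per submitting host."""
    stats = {}
    for line in log_text.splitlines():
        m = FROM_RE.search(line.rstrip())
        if not m:
            continue
        _sender, nrcpts, relay = m.groups()
        entry = stats.setdefault(relay, [0, 0, relay_allowed(relay)])
        entry[0] += 1
        entry[1] += int(nrcpts)
    return stats

if __name__ == "__main__":
    for relay, (msgs, rcpts, ok) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{msgs:4d} msgs {rcpts:4d} rcpts  relay-allowed={ok}  {relay}")
```

To use it on a real system, pass the contents of the mail log (/var/log/maillog on Fedora) to summarize() instead of SAMPLE_LOG. A relay-permitted source with an unexpectedly high recipient count is the entry worth investigating.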