[PLUG] Unusal Sendmail Message
Russ Johnson
russj at dimstar.net
Mon May 20 17:00:50 UTC 2002
At 05:42 AM 5/20/2002 -0700, you wrote:
>Yesterday, /var/log/maillog reported this:
>
>May 19 16:03:44 lana sendmail[5857]: g4JN3hm05857:
><WEBMASTER at MANYMOONS.NET>... User unknown
>May 19 16:03:44 lana sendmail[5857]: g4JN3hm05857:
>from=<mmailco at mail.com>, size=18058, class=0, nrcpts=0, proto=ESMTP,
>daemon=MTA, relay=IDENT:root at ids.pchelp.net [207.250.122.28] (may be
>forged)
>
>Is this something I should worry about? The user webmaster does not
>exist, but what I am worried is that someone is trying to spam through
>my sendmail server.
Do you accept mail for the domain "manymoons.net"?
If you do, then this is a normal message that sendmail has accepted a
message, but doesn't know who the user is (which you say is correct).
The relay is most likely (you don't give us the "Connect" line, so I can't
be sure) the system that delivered the message to your mail server, but, as
Sendmail said, it may be forged.
Yes, it's probably spam. mail.com is a known spamhouse.
No, it doesn't look like they are trying to relay through you. At least,
not from what you have above.
Russ Johnson
http://www.dimstar.net
111,111,111 x 111,111,111 = 12,345,678,987,654,321
More information about the PLUG
mailing list