* Quoting César Augusto Seronni Filho ([EMAIL PROTECTED]): > hi guys in my maillog I am receiving many strange message on sendmail like > that: > May 10 18:52:50 xserver sendmail[4444]: g4AIRfa02119: > to=<[EMAIL PROTECTED]>, ctladdr=<one of my user mail> (638/45), > delay=03:25:09, xdelay=00:00:00, mailer=esmtp, pri=607606, > relay=company.com., dsn=4.0.0, stat=Deferred: Connection timed out with > company.com.
company.com might be down. Sendmail will retry later. > look that <one of my user mail> is one registred email with my domain. The > messages points aways to the same user email. > > and the other strange thing is that when i try to check the > conections(netstat -at) there are one strange like that: > tcp 0 1 myserver:35169 mywebos.com:smtp SYN_SENT > when I use netstat -atn looks like that: > tcp 0 1 myserver:35169 208.49.229.140:25 SYN_SENT > > and look that this ip(208.49.229.140.25) is not owned by mywebos.com > > I think it is spoofed Probably a typo: 18:07 [EMAIL PROTECTED]:~$ host 208.49.229.140 Name: mywebos.com Address: 208.49.229.140 > Maybe this is an attack? Unlikely. The connections origin is your server. > What i can do? Lean back. - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]