On Tue, 2006-01-17 at 11:41 -0600, John Jolet wrote: > On Jan 17, 2006, at 11:35 AM, Michael Sullivan wrote: > > > On Tue, 2006-01-17 at 11:20 -0600, John Jolet wrote: > >> On Jan 17, 2006, at 11:14 AM, Michael Sullivan wrote: > >> > >>> I'm concerned. When I got out of the shower just now and came to > >>> check > >>> my email, I didn't have any. Concerned that sendmail might not be > >>> running, I ps'd for it: > >>> > >>> bullet mail # ps ax | grep 'sendmail' > >>> 9939 ? Ss 0:00 sendmail: Queue [EMAIL PROTECTED]:30:00 > >>> for /var/spool/clientmqueue > >>> 10305 ? Ss 0:00 sendmail: accepting connections > >>> 10801 ? S 0:00 sendmail: ./k0FKmpDE010833 > >>> gpeplpqel.shankscape.com.: user open > >>> 10810 pts/0 R+ 0:00 grep sendmail > >>> > >>> > >>> I see that sendmail is connected with gpeplpqel.shankscape.com. I > >>> assume that someone at that host is trying to send mail to my > >>> domain, > >>> but I checked /var/spool/mail and I didn't see anything from > >>> them. I > >>> ps'd sendmail again and saw that they were no longer connected. I > >>> checked /var/log/maillog and see a bunch of these: > >>> > >>> Jan 17 11:04:10 bullet sm-mta[10801]: k0FKmpDE010833: > >>> to=<[EMAIL PROTECTED]>, delay=1+20:15:18, > >>> xdelay=00:03:10, mailer=esmtp, pri=8599167, > >>> relay=gpeplpqel.shankscape.com. [69.25.212.153], dsn=4.0.0, > >>> stat=Deferred: Connection timed out with gpeplpqel.shankscape.com. > >>> > >>> Is there a way to make sure that unauthorized people are not sending > >>> mail through my domain? > >>> > >> telnet yourdomain.com 25 > >> helo somedomain.com > >> msg from someforeigndomain.com > >> rcpt to someotherforeigndomain.com > >> > >> see if it slaps you down (note, i may have the msg from and rcpt to > >> backwards, always forget) > >>> > >>> -- > >>> gentoo-user@gentoo.org mailing list > >>> > >> > > > > I think I messed up the syntax somewhere: > > > > camille ~ # telnet espersunited.com 25 > > Trying 64.149.52.102... > > Connected to espersunited.com. > > Escape character is '^]'. > > 220 bullet.espersunited.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 17 Jan > > 2006 11:33:21 -0600 > > helo somedomain.com > > 250 bullet.espersunited.com Hello [192.168.1.1], pleased to meet you > > msg from someforeigndomain.com > > 500 5.5.1 Command unrecognized: "msg from someforeigndomain.com" > > rcpt to someotherforeigndomain.com > > 503 5.0.0 Need MAIL before RCPT > > > > > mail from instead of msg from. my bad.
[EMAIL PROTECTED] ~ $ telnet espersunited.com 25 Trying 64.149.52.102... Connected to espersunited.com. Escape character is '^]'. 220 bullet.espersunited.com ESMTP Sendmail 8.13.4/8.13.4; Tue, 17 Jan 2006 13:30:58 -0600 helo somedomain.com 250 bullet.espersunited.com Hello [192.168.1.1], pleased to meet you mail from someforeigndomain.com 501 5.5.2 Syntax error in parameters scanning "from" rcpt to someotherforeigndomain.com 503 5.0.0 Need MAIL before RCPT -- gentoo-user@gentoo.org mailing list
