On Thu, Jan 05, 2006 at 10:17:53AM -0500, David F. Skoll wrote:
> > Are you sure they just sit there after the initial connect? If so, you should
> > also see the "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"
> > message logged at the same time as the timeout.
> Does Sendmail log that message if *it* closes the connection?  I thought it
> only did so if the client closes the connection.

Yes, at least, my own test against an 8.13.3 sendmail does so.

> They may not actually be sitting doing nothing.  I traced one which issued
> a RCPT command and then sat for over 10 minutes doing nothing.  I killed
> it after 10 minutes, so don't know if it ever would have issued another
> command.

It might be a spambot running on some luser's DSL connection who noticed
the strange activity (or his ISP did) and simply terminated the DSL connection
immediately. You'd be left (on your side) with a half-open TCP connection,
and not know about it until the timeout comes.

This might even be common for infected DSL machines where the user thinks:
"time for lunch, *click*".
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
