Hi.
I've noticed a number of attack-like "mail failures". The rate at
which we see them comes and goes at different times of the day; when
they're active they pass through at the rate of 1 or 2 per minute.
Here's an example, for the list [EMAIL PROTECTED] (we've seen
this for other alu.org lists too).
/var/log/maillog:
Mar 13 02:56:28 bibop postfix/smtpd[17886]: connect from
localhost[127.0.0.1]
Mar 13 02:56:28 bibop postfix/smtpd[17886]: 12C1C12CCEB:
client=localhost[127.0.0.1]
Mar 13 02:56:28 bibop postfix/smtpd[17886]: 12C1C12CCEB: reject: RCPT from
localhost[127.0.0.1]: 450 <[EMAIL PROTECTED]>: User unknown in local recipient
table; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
helo=
Mar 13 02:56:29 bibop postfix/smtpd[17886]: disconnect from
localhost[127.0.0.1]
/usr/local/mailman/smtp-failure:
Mar 13 02:56:29 2005 (2547) All recipients refused: {'[EMAIL PROTECTED]':
(450, '<[EMAIL PROTECTED]>: User unknown in local recipient table')}, msgid:
<[EMAIL PROTECTED]>
Mar 13 02:56:29 2005 (2547) delivery to [EMAIL PROTECTED] failed with code
450: <[EMAIL PROTECTED]>: User unknown in local recipient table
/usr/local/mailman/smtp:
Mar 13 02:56:29 2005 (2547) <[EMAIL PROTECTED]> smtp for 1 recips,
completed in 1.027 seconds
/usr/local/mailman/post:
Mar 13 02:56:29 2005 (2547) post to alu-board-only from [EMAIL PROTECTED],
size=1066, message-id=<[EMAIL PROTECTED]>, 1 failures
What I'd like to know is where (and from apparantly who) this message
originated, but I can't figure out from these logs what's going on.
It looks like an attempt from the Outgoing qrunner to send mail to
alu-board-only (hence the alu-board-only-bounces return address), with
[EMAIL PROTECTED] as one of the addressees, which doesn't make sense.
Any ideas?
Thanks,
- nick
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp