Ok, I upped my logging to level 4, and here is a snippet of what I got:


13:57:45 4 SMTP(tcp) Connection request from [204.127.198.35:34977],seq=4074, 9/10
13:57:45 4 SMTP Line 13430 created for answering
13:57:45 4 SMTP-430() Got connection from [204.127.198.35:34977]
13:57:45 4 SMTP(tcp) Connection accepted from [204.127.198.35:34977], seq=4074, 9/10
13:57:45 4 SMTP-430([204.127.198.35]) Sending 220-Stalker Internet Mail Server V.1.8b7 is ready.\r\n220 ESMTP is spoken here. You are welcome\r\n
13:57:45 4 SMTP-430([204.127.198.35]) Looking for 35.198.127.204.206.253.56.66
13:57:45 4 SMTP-430([204.127.198.35]) Input Line: EHLO rwcrmhc11.comcast.net\r
13:57:45 4 SMTP-430(rwcrmhc11.comcast.net) Looking for rwcrmhc11.comcast.net
13:57:45 4 SMTP-430(rwcrmhc11.comcast.net) Sending 250-beloit-kansas.com is pleased to meet you\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250 EHLO\r\n
13:57:45 4 SMTP-430(rwcrmhc11.comcast.net) Input Line: MAIL FROM:<[EMAIL PROTECTED]>\r
13:58:00 3 SMTP-429(rwcrmhc12.comcast.net) Return-Path-A Search Error. Error Code=-3162
13:58:00 4 SMTP-429(rwcrmhc12.comcast.net) Sending 472 <[EMAIL PROTECTED]> cannot be verified now\r\n
13:58:00 4 SMTP-429(rwcrmhc12.comcast.net) Input Line: RSET\r
13:58:00 4 SMTP-429(rwcrmhc12.comcast.net) Sending 250 SMTP state reset\r\n
13:58:02 4 SMTP-429(rwcrmhc12.comcast.net) Input Line: QUIT\r
13:58:02 4 SMTP-429(rwcrmhc12.comcast.net) Sending 221 beloit-kansas.com closing connection\r\n
13:58:02 4 SMTP-429(rwcrmhc12.comcast.net) Closing
13:58:02 4 SMTP-429(rwcrmhc12.comcast.net) Nothing read - stream closed
13:58:02 4 SMTP-429(rwcrmhc12.comcast.net) Input Stream ended
13:58:02 3 SMTP-429(rwcrmhc12.comcast.net) Abort Received, reason=14961446
13:58:02 4 SMTP disposing line 13429
13:58:16 4 SMTP-430(rwcrmhc11.comcast.net) No relay exists for 'home.com'
13:58:16 4 SMTP-430(rwcrmhc11.comcast.net) Looking for home.com
13:58:47 3 SMTP-430(rwcrmhc11.comcast.net) Return-Path-A Search Error. Error Code=-3162
13:58:47 4 SMTP-430(rwcrmhc11.comcast.net) Sending 472 <[EMAIL PROTECTED]> cannot be verified now\r\n
13:58:47 4 SMTP-430(rwcrmhc11.comcast.net) Input Line: RSET\r
13:58:47 4 SMTP-430(rwcrmhc11.comcast.net) Sending 250 SMTP state reset\r\n
13:58:49 4 SMTP-430(rwcrmhc11.comcast.net) Input Line: QUIT\r
13:58:49 4 SMTP-430(rwcrmhc11.comcast.net) Sending 221 beloit-kansas.com closing connection\r\n
13:58:49 4 SMTP-430(rwcrmhc11.comcast.net) Closing
13:58:49 4 SMTP-430(rwcrmhc11.comcast.net) Nothing read - stream closed
13:58:49 4 SMTP-430(rwcrmhc11.comcast.net) Input Stream ended
13:58:49 4 SMTP disposing line 13430



On Sunday, August 3, 2003, at 01:13 PM, Global Homes Webmaster wrote:


I've been getting the following in my logs since July 5. Could this be
a worm that is going around? I have found out from other contacts that
a contact with my address in their address book and that has a
comcast.net address does have a virus/worm. Is that what this log
indicates, or is this from something else? It is still going on as of now,
and, by looking at the size of my log files, is steadily getting worse.

The 'Return-Path-A Search Error' means that SIMS can't find an A record for
the domain of whatever Return Path was offered for the message that
rwcrmhc12.comcast.net is trying to send. You won't know what the return
path is unless you set your SMTP logging to something deeper than level 3.
The 'Abort Received' means that, for those connections, the connection was
dropped abnormally for some reason. Those two entries, in and of themselves,
don't tell us much about the nature of the messages that
rwcrmhc12.comcast.net is trying to send. However, the frequency and
persistence of the attempts could well be consistent with an e-mail virus
attempting to propagate itself. Since you've got Return-Path checking
turned on, SIMS should be rejecting these messages because of the return
path domain failing to resolve. You might want to temporarily turn your
SMTP logging level up so that you can see the SMTP conversation and get
more information about the sender and the intended recipient.
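
The frequency and persistence mentioned above can be measured from a level-4 log by grouping records per connection and counting Return-Path failures per sending host. This is an added example, not part of the original thread or of SIMS; the log lines are constructed in the format quoted above, the function names are hypothetical, and all timestamps are assumed to fall within one day.

```python
import re
from collections import defaultdict

# Constructed sample in the level-4 format quoted above; hosts and addresses are placeholders.
SAMPLE_LOG = r"""
10:00:00 4 SMTP-101([192.0.2.10]) Input Line: EHLO mx1.example.net\r
10:00:00 4 SMTP-101(mx1.example.net) Input Line: MAIL FROM:<a@unresolvable.example>\r
10:00:05 4 SMTP-102(mx2.example.net) Input Line: MAIL FROM:<b@example.org>\r
10:00:31 3 SMTP-101(mx1.example.net) Return-Path-A Search Error. Error Code=-3162
10:00:45 3 SMTP-101(mx1.example.net) Abort Received, reason=14961446
10:01:00 4 SMTP-103(mx1.example.net) Input Line: MAIL FROM:<c@unresolvable.example>\r
10:01:02 3 SMTP-103(mx1.example.net) Return-Path-A Search Error. Error Code=-3162
"""

LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) (\d) SMTP-(\d+)\((.*?)\) (.*)$")
MAIL_RE = re.compile(r"Input Line: MAIL FROM:<([^>]*)>")

def parse_sessions(text):
    """Group per-connection records by line id (the NNN in SMTP-NNN)."""
    sessions = defaultdict(lambda: dict(peer=None, sender=None, mail_at=None,
                                        rejected=False, aborted=False, lookup_secs=None))
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # listener lines such as "SMTP(tcp) ..." carry no line id
        h, mi, s, _lvl, line_id, peer, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)
        sess = sessions[line_id]
        sess["peer"] = peer  # last value wins: the EHLO name replaces the bracketed IP
        mail = MAIL_RE.search(msg)
        if mail:
            sess["sender"], sess["mail_at"] = mail.group(1), t
        elif msg.startswith("Return-Path-A Search Error"):
            sess["rejected"] = True
            # Seconds between MAIL FROM and the failed return-path lookup
            sess["lookup_secs"] = t - sess["mail_at"] if sess["mail_at"] is not None else None
        elif msg.startswith("Abort Received"):
            sess["aborted"] = True
    return dict(sessions)

def summarize_by_peer(sessions):
    """Per sending host: sessions seen, return-path failures, aborts, slowest lookup."""
    out = defaultdict(lambda: dict(sessions=0, rp_failures=0, aborts=0, max_lookup_secs=0))
    for sess in sessions.values():
        row = out[sess["peer"]]
        row["sessions"] += 1
        row["rp_failures"] += sess["rejected"]
        row["aborts"] += sess["aborted"]
        row["max_lookup_secs"] = max(row["max_lookup_secs"], sess["lookup_secs"] or 0)
    return dict(out)
```

Calling `summarize_by_peer(parse_sessions(text))` on a day's log gives one row per sending host; a host with many sessions that all end in a Return-Path failure is the pattern the reply describes.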

