Re: [cobalt-security] unusual -- can someone tell me what this means?
- Subject: Re: [cobalt-security] unusual -- can someone tell me what this means?
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Fri, 24 May 2002 03:01:20 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
SW> Date: Thu, 23 May 2002 11:23:47 -0500
SW> From: Sean Ward
[ somewhat snipped throughout ]
This question might be more appropriate for the -users list, as
it isn't really a security question per se.
SW> This is very odd stuff. nimitz.fibr.net is not one of my
SW> domains, nor is it a domain I would receive mail at. The
SW> attachment of the bounced mail was a log file forwarded off
SW> the RAQ to an admin alias.
SW> tcp 0 1 [domain_deleted]:4989 nimitz.fibr.net:smtp
SW> SYN_SENT
Your RAQ is attempting to send mail to an account for which
nimitz.fibr.net is the MX. I imagine that [domain_deleted]
refers to your RAQ.
SYN_SENT means that the TCP handshake could not be completed,
that it never received the requisite SYN+ACK reply.
SW> Several messages have wound up in my mailbox:
SW>
SW>
SW> **********************************************
SW> ** THIS IS A WARNING MESSAGE ONLY **
SW> ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
SW> **********************************************
SW>
SW> The original message was received at Thu, 23 May 2002 06:01:02 -0400
SW> from root@localhost
SW>
SW> ----- The following addresses had transient non-fatal errors -----
SW> [forwarding@xxxxxxxxxxxxxxx]
SW> (expanded from: admin)
When Sendmail cannot establish a connection to the machine on the
other end, it treats the error as transient. As it should -- if
a machine is down, Sendmail will keep trying.
SW> ----- Transcript of session follows -----
SW> [forwarding@xxxxxxxxxxxxxxx]... Deferred: Connection timed out with
SW> nimitz.fibr.net.
SW> Warning: message still undelivered after 4 hours
SW> Will keep trying until message is 5 days old
Looks like your box is trying to send a message to someone at
nimitz.fibr.net -- you might search the mail queue for more info.
If I had to guess:
1) You're sending mail to someone there --OR--
2) Someone spammed you, claiming to be from a domain for which
nimitz.fibr.net is the MX. Your RAQ generated some sort of
bounce that cannot be delivered.
HTH.
--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
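
The check described in the reply above, as an added example that is not part of the original message: a shell function that reads `netstat -t` style output and counts outbound SMTP connections stuck in SYN_SENT per remote host. The sample lines, host names and the function name `stuck_smtp` are constructed for illustration; each connection is assumed to sit on a single line.

```shell
#!/bin/sh
# Constructed sample in the layout of `netstat -t` output.
# All host names and addresses are placeholders, not values from the thread.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      1 raq.example.com:4989    mx1.example.net:smtp    SYN_SENT
tcp        0      1 raq.example.com:4990    mx1.example.net:smtp    SYN_SENT
tcp        0      0 raq.example.com:ssh     admin.example.org:51322 ESTABLISHED
tcp        0      1 raq.example.com:4993    192.0.2.25:25           SYN_SENT
tcp        0      0 raq.example.com:smtp    mail.example.org:40112  ESTABLISHED
tcp        0      1 raq.example.com:4995    www.example.net:http    SYN_SENT'

# Print "count remote-host" for each outbound SMTP connection whose
# handshake has not completed (state SYN_SENT), busiest host first.
stuck_smtp() {
    awk '
        $1 ~ /^tcp/ && $NF == "SYN_SENT" {
            # Field 5 is the foreign address; the port follows the last colon.
            n = split($5, part, ":")
            port = part[n]
            # Accept the service name and the numeric form (netstat -n).
            if (port != "smtp" && port != "25") next
            host = substr($5, 1, length($5) - length(port) - 1)
            count[host]++
        }
        END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE" | stuck_smtp
```

On a live host the same function can be fed with `netstat -t | stuck_smtp`; the hosts it lists are the ones to look for in the mail queue.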