
Re: [cobalt-security] unusual -- can someone tell me what this means?



SW> Date: Thu, 23 May 2002 11:23:47 -0500
SW> From: Sean Ward

[ somewhat snipped throughout ]


This question might be more appropriate for the -users list, as
it isn't really a security question per se.


SW> This is very odd stuff. nimitz.fibr.net is not one of my
SW> domains, nor is it a domain I would receive mail at. The
SW> attachment of the bounced mail was a log file forwarded off
SW> the RAQ to an admin alias.

SW> 	tcp   0   1 [domain_deleted]:4989   nimitz.fibr.net:smtp
SW> SYN_SENT

Your RAQ is attempting to send mail to an account for which
nimitz.fibr.net is the MX.  I imagine that [domain_deleted]
refers to your RAQ.

SYN_SENT means that the TCP handshake could not be completed,
that it never received the requisite SYN+ACK reply.


SW> Several messages have wound up in my mailbox:
SW> 
SW> 
SW>     **********************************************
SW>     **      THIS IS A WARNING MESSAGE ONLY      **
SW>     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
SW>     **********************************************
SW> 
SW> The original message was received at Thu, 23 May 2002 06:01:02 -0400
SW> from root@localhost
SW> 
SW>    ----- The following addresses had transient non-fatal errors -----
SW> [forwarding@xxxxxxxxxxxxxxx]
SW>     (expanded from: admin)

When Sendmail cannot establish a connection to the machine on the
other end, it treats the error as transient.  As it should -- if
a machine is down, Sendmail will keep trying.


SW>    ----- Transcript of session follows -----
SW> [forwarding@xxxxxxxxxxxxxxx]... Deferred: Connection timed out with
SW> nimitz.fibr.net.
SW> Warning: message still undelivered after 4 hours
SW> Will keep trying until message is 5 days old

Looks like your box is trying to send a message to someone at
nimitz.fibr.net -- you might search the mail queue for more info.

If I had to guess:

1) You're sending mail to someone there --OR--
2) Someone spammed you, claiming to be from a domain for which
   nimitz.fibr.net is the MX.  Your RAQ generated some sort of
   bounce that cannot be delivered.

HTH.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
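
An added example, not part of the original message: a small parser that reads netstat-style output like the line quoted above and counts outbound SMTP connections stuck in SYN_SENT per remote host, which is the symptom that precedes the "Deferred: Connection timed out" warning. The sample input is constructed; `raq.example.com` and the other `example` hosts are placeholders, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the style of the netstat line quoted in the message.
# The first row has its state wrapped onto the next line, as in the quoted log.
SAMPLE = """\
tcp   0   1 raq.example.com:4989   nimitz.fibr.net:smtp
SYN_SENT
tcp   0   1 raq.example.com:4990   nimitz.fibr.net:smtp   SYN_SENT
tcp   0   0 raq.example.com:smtp   client.example.net:3321   ESTABLISHED
tcp   0   0 raq.example.com:4991   mx.example.org:25   ESTABLISHED
"""

STATES = {"SYN_SENT", "SYN_RECV", "ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT",
          "FIN_WAIT1", "FIN_WAIT2", "LAST_ACK", "CLOSING", "LISTEN", "CLOSE"}
SMTP_PORTS = {"smtp", "25"}


def parse_connections(text):
    """Yield (local, remote, state), rejoining rows whose state wrapped."""
    pending = None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0].startswith("tcp"):
            pending = None
            if len(fields) >= 6:
                yield fields[3], fields[4], fields[5]
            elif len(fields) == 5:
                # State column is missing: expect it alone on the next line.
                pending = (fields[3], fields[4])
        elif pending and len(fields) == 1 and fields[0] in STATES:
            yield pending[0], pending[1], fields[0]
            pending = None
        else:
            pending = None


def stalled_smtp(text):
    """Count outbound SMTP connections in SYN_SENT, keyed by remote host."""
    counts = Counter()
    for _local, remote, state in parse_connections(text):
        host, _, port = remote.rpartition(":")
        if state == "SYN_SENT" and port in SMTP_PORTS:
            counts[host] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, n in stalled_smtp(SAMPLE).items():
        print(f"{n} SMTP connection(s) to {host} still waiting for SYN+ACK")
```
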