
[cobalt-security] suspicious wtmp log email



Has anyone else been receiving these suspicious email bounces?
It appears the original message attempted to send my wtmp log 
to supportd@xxxxxxxx, but my mail log has no such entries:

BEGIN SUSPICIOUS MESSAGE:
============================================================

>From MAILER-DAEMON  Sun Jul 14 10:00:56 2002
Return-Path:  <MAILER-DAEMON>
Received: from mail3.atl.registeredsite.com (nobody@xxxxxxxxxxxxxxxxxxxxxxxxxxxx [64.224.219.77])
    by thewavecave.com (8.10.2/8.10.2) with ESMTP id g6EF0uB16938
    for  <snipped@xxxxxxxxx>; Sun, 14 Jul 2002 10:00:56 -0500
Received: from localhost (localhost)
    by mail3.atl.registeredsite.com (8.12.2/8.12.5) id g6EF0wuA012978;
    Sun, 14 Jul 2002 11:01:01 -0400
Date: Sun, 14 Jul 2002 11:01:01 -0400
From: Mail Delivery Subsystem  <MAILER-DAEMON@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Message-Id:  <200207141501.g6EF0wuA012978@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
To:  <snipped@xxxxxxxxx>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="g6EF0wuA012978.1026658861/mail3.atl.registeredsite.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: R
*** ATTENTION ***

This email is being returned to you because the remote server would not
or could not accept the message. The registeredsite servers are just
reporting to you what happened and are not the source of the problem.

The address which was undeliverable is in the section labeled:
 "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is in the section labeled:
 "----- Transcript of Session Follows -----".

The line beginning with  "<<<" describes the specific reason your e-mail could
not be delivered.  The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--Registeredsite Postmaster

  ----- The following addresses had permanent fatal errors -----
<interland@xxxxxxxxxxxxxxxxxxxxxx>
   (reason: 550 5.0.0 Access denied)

  ----- Transcript of session follows -----
... while talking to mail1.prod.customerasset.com.:
>>> MAIL From:<snipped@xxxxxxxxx>
<<< 550 5.0.0 Access denied
554 5.0.0 Service unavailable

 
Original-Recipient: RFC822;<supportd@xxxxxxxx>
Final-Recipient: RFC822; interland@xxxxxxxxxxxxxxxxxxxxxx
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 550 5.0.0 Access denied
Last-Attempt-Date: Sun, 14 Jul 2002 11:01:01 -0400

 
Date: Sun, 14 Jul 2002 09:01:01 -0600 (MDT)
From: snipped@xxxxxxxxx (internet communications)
To: supportd@xxxxxxxx
Subject: ssl7  
ssl7         ttyp0    209.196.18.253       Thu Apr 25 12:22 - 12:45  (00:22)
ssl7         ttyp0    fw.wampum.sagenetworks.com Wed Jan 30 10:01 - 10:17  (00:15)
ssl7         ttyp0    fw.wampum.sagenetworks.com Wed Jan 30 09:44 - 10:00  (00:16)
ssl7         ttyp0    fw.wampum.sagenetworks.com Mon Dec 24 08:18 - 09:24  (01:05)
ssl7         ttyp0    fw.wampum.sagenetworks.com Mon Nov 26 14:08 - 14:11  (00:03)
ssl7         ttyp0    fw.wampum.sagenetworks.com Wed Nov 21 17:06 - 17:06  (00:00)

--------------------------( 571 similar entries snipped )------------------------

ssl7         ttyp0    209.170.57.34        Wed Sep 29 08:49 - 09:40  (00:50)

wtmp begins Wed Dec 11 14:03 

============================================================
: END SUSPICIOUS MESSAGE

If anyone can shed light on this situation, I'd greatly appreciate it.
Thank you for your valuable time.

:D
--
David Black
Web Developer
http://theWaveCave.com
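
Added example, not part of the original post: one way to pull the per-recipient status block, the returned original's headers and any Received lines out of a multipart/report bounce like the one quoted above, using Python's standard email package, so they can be compared with the local mail log. The sample message is constructed with placeholder names, and `triage_bounce` is a hypothetical helper name.

```python
import email
from email import policy

# Constructed sample shaped like the bounce above; all names are placeholders.
SAMPLE_DSN = """\
From: MAILER-DAEMON@relay.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; relay.example.net

Original-Recipient: rfc822;<supportd@example.com>
Final-Recipient: rfc822; forward@example.net
Action: failed
Diagnostic-Code: SMTP; 550 5.0.0 Access denied

--B
Content-Type: message/rfc822

From: user@example.org
To: supportd@example.com
Subject: ssl7

ssl7  ttyp0  host.example  Thu Apr 25 12:22 - 12:45  (00:22)
--B--
"""

def triage_bounce(raw):
    """Pull out of a DSN the values to search for in the local mail log."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        raise ValueError("not a multipart/report bounce")
    out = {"relays": [str(h) for h in msg.get_all("Received", [])],
           "recipients": [], "original": {}}
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Each header block is its own sub-message; keep per-recipient ones.
            for block in part.get_payload():
                if block["Final-Recipient"]:
                    out["recipients"].append(
                        {k.lower(): str(v) for k, v in block.items()})
        elif ctype == "message/rfc822":
            orig = part.get_payload(0)  # the returned original message
            out["original"] = {k: str(orig[k]) for k in
                               ("Date", "From", "To", "Subject") if orig[k]}
    return out
```

The `relays` list holds the Received lines of the bounce itself; the returned original's date, sender and recipient are the values to search for in the local MTA log.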