[KLUG Members] Question about oddball logwatch entries.
Buist Justin
members@kalamazoolinux.org
Mon, 25 Nov 2002 11:25:44 -0500
Perhaps somebody is connecting to his SMTP server and running VRFY commands?
Justin Buist
> -----Original Message-----
> From: Adam Bultman [mailto:adamb@glaven.org]
> Sent: Monday, November 25, 2002 11:15 AM
> To: members@kalamazoolinux.org
> Subject: [KLUG Members] Question about oddball logwatch entries.
>
>
>
> I've a friend with an RH 7.2 system on the net. He's running
> the standard
> RH log reporting stuff, and I've set him up with a firewall.
>
> In his logwatch entries, he's got stuff like this:
>
> Unknown users:
> anxiety@<domain> 1 Times
> concern@<domain> "
> brown@<domain> "
> grumpy@<domain> "
>
> And so on.
>
> Now, I have another friend that was recently reprimanded for
> running an
> open relay on his cable modem, so I'm wondering, is someone
> testing his
> connection for users and to see if they can send SPAM? I
> found some of
> the entries in the maillog, so it appears it is at the very
> least going
> through sendmail. However, I've never seen this before.
>
> Anyone seen this before? I assume it's a SPAMmer looking for another
> unsuspecting host. But at the very least, he's not an open relay, and
> he's been denying such people of service.
>
> Adam
>
>
>
>
> --
> adamb@glaven.org
> [ www.glaven.org ]
>
>
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
>
>