[KLUG Members] Question about oddball logwatch entries.

Buist Justin members@kalamazoolinux.org
Mon, 25 Nov 2002 11:25:44 -0500

Previous message: [KLUG Members] Question about oddball logwatch entries.
Next message: [KLUG Members] Call For Speakers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Perhaps somebody is connecting to his SMTP server and running VRFY commands?

Justin Buist


> -----Original Message-----
> From: Adam Bultman [mailto:adamb@glaven.org]
> Sent: Monday, November 25, 2002 11:15 AM
> To: members@kalamazoolinux.org
> Subject: [KLUG Members] Question about oddball logwatch entries.
> 
> 
> 
> I've a friend with an RH 7.2 system on the net.  He's running 
> the standard
> RH log reporting stuff, and I've set him up with a firewall.
> 
> In his logwatch entries, he's got stuff like this:
> 
> Unknown users:
> anxiety@<domain> 1 Times
> concern@<domain> "
> brown@<domain> "
> grumpy@<domain> "
> 
> And so on.
> 
> Now, I have another friend that was recently reprimanded for 
> running an
> open relay on his cable modem, so I'm wondering, is someone 
> testing his
> connection for users and to see if they can send SPAM?  I 
> found some of
> the entries in the maillog, so it appears it is at the very 
> least going
> through sendmail. However, I've never seen this before.
> 
> Anyone seen this before?  I assume it's a SPAMmer looking for another
> unsuspecting host.  But at the very least, he's not an open relay, and
> he's been denying such people of service.
> 
> Adam
> 
> 
> 
> 
> -- 
> adamb@glaven.org
> [ www.glaven.org ]
> 
> 
> 
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
> 
>

Previous message: [KLUG Members] Question about oddball logwatch entries.
Next message: [KLUG Members] Call For Speakers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]