[gentoo-user] OT - Mail question

[gentoo-user] OT - Mail question

[Michael Sullivan]

What do you make of this?  I found it in /var/log/messages:

Jun 22 10:59:15 bullet sm-mta[2558]: k5L4mNFw021664:
to=<aw-conf@midamerica.com>, delay=1+11:10:52, xdelay=00:03:09,
mailer=esmtp, pri=6425885, relay=mail.midamerica.com. [65.243.220.163],
dsn=4.0.0, stat=Deferred: Connection timed out with mail.midamerica.com.


There are several of these.  It looks to me as if someone is trying to
send mail to aw-conf@midamerica.com, but neither my wife nor I know
them, and we're the only espersunited.com users who use mail actively.
Has my mail system been compromised?

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - Mail question

[Uwe Thiem]

On 22 June 2006 17:04, Michael Sullivan wrote:
> What do you make of this?  I found it in /var/log/messages:
>
> Jun 22 10:59:15 bullet sm-mta[2558]: k5L4mNFw021664:
> to=<aw-conf@midamerica.com>, delay=1+11:10:52, xdelay=00:03:09,
> mailer=esmtp, pri=6425885, relay=mail.midamerica.com. [65.243.220.163],
> dsn=4.0.0, stat=Deferred: Connection timed out with mail.midamerica.com.
>
>
> There are several of these.  It looks to me as if someone is trying to
> send mail to aw-conf@midamerica.com, but neither my wife nor I know
> them, and we're the only espersunited.com users who use mail actively.
> Has my mail system been compromised?

The mail in question is still lying around somewhere under /var/spool 
(depending on the MTA you are using). Find it and read it with an editor. 
That might give you a hint what is going on.

Also, read your MTA's log file to find out who has sent it.

Uwe

-- 
Mark Twain: I rather decline two drinks than a German adjective.
http://www.SysEx.com.na
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - Mail question

[Rumen Yotov]

[-- Attachment #1: Type: text/plain, Size: 821 bytes --]

Michael Sullivan wrote:
> What do you make of this?  I found it in /var/log/messages:
> 
> Jun 22 10:59:15 bullet sm-mta[2558]: k5L4mNFw021664:
> to=<aw-conf@midamerica.com>, delay=1+11:10:52, xdelay=00:03:09,
> mailer=esmtp, pri=6425885, relay=mail.midamerica.com. [65.243.220.163],
> dsn=4.0.0, stat=Deferred: Connection timed out with mail.midamerica.com.
> 
> 
> There are several of these.  It looks to me as if someone is trying to
> send mail to aw-conf@midamerica.com, but neither my wife nor I know
> them, and we're the only espersunited.com users who use mail actively.
> Has my mail system been compromised?
> 
Hi,
Are you using a local mail-server or a relayhost (yout ISP mail-server)?
Check to see if your mail server (if any) isn't an open relay.
Google for a site to check or check the config.
HTH.Rumen

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/x-pkcs7-signature, Size: 3493 bytes --]

Re: [gentoo-user] OT - Mail question

[Michael Sullivan]

On Thu, 2006-06-22 at 17:21 +0100, Uwe Thiem wrote:
> On 22 June 2006 17:04, Michael Sullivan wrote:
> > What do you make of this?  I found it in /var/log/messages:
> >
> > Jun 22 10:59:15 bullet sm-mta[2558]: k5L4mNFw021664:
> > to=<aw-conf@midamerica.com>, delay=1+11:10:52, xdelay=00:03:09,
> > mailer=esmtp, pri=6425885, relay=mail.midamerica.com. [65.243.220.163],
> > dsn=4.0.0, stat=Deferred: Connection timed out with mail.midamerica.com.
> >
> >
> > There are several of these.  It looks to me as if someone is trying to
> > send mail to aw-conf@midamerica.com, but neither my wife nor I know
> > them, and we're the only espersunited.com users who use mail actively.
> > Has my mail system been compromised?
> 
> The mail in question is still lying around somewhere under /var/spool 
> (depending on the MTA you are using). Find it and read it with an editor. 
> That might give you a hint what is going on.
> 
> Also, read your MTA's log file to find out who has sent it.
> 
> Uwe
> 
> -- 
> Mark Twain: I rather decline two drinks than a German adjective.
> http://www.SysEx.com.na

I found something that suggests that MAILER-DAEMON is trying to email
aw-conf@midamerica.com to tell them that their spam has been rejected.
Probably sent by Mailman.  If I can find the original email, can I delet
it and make sendmail stop trying to send it?

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - Mail question

[Uwe Thiem]

On 22 June 2006 18:37, Michael Sullivan wrote:

> I found something that suggests that MAILER-DAEMON is trying to email
> aw-conf@midamerica.com to tell them that their spam has been rejected.
> Probably sent by Mailman.  If I can find the original email, can I delet
> it and make sendmail stop trying to send it?

I haven't used sendmail in ages (about 10 years). I don't remember how to do 
it cleanly.

Why don't you move to a modern MTA like exim, postfix, qmail or such?

Uwe

-- 
Mark Twain: I rather decline two drinks than a German adjective.
http://www.SysEx.com.na
-- 
gentoo-user@gentoo.org mailing list