"Strange" maillog entries - am I being used as a relay?
Corey Head
coreyhead at yahoo.com
Sat Apr 2 18:37:42 UTC 2005
--- Mike Pelley <mike at pelleys.com> wrote:
> Folks - I noticed some strange errors in my logwatch
> report and when I checked my maillog I found the
> entries below. I have SMTPS with TLS set up for
> authentication. Does this mean I'm being used as a
> relay?
>
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]:
> connect from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]:
> setting up TLS connection from
> unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]:
> TLS connection established from
> unknown[216.113.195.131]: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]:
> 0A1267031D: client=unknown[216.113.195.131]
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]:
> 0A1267031D: reject: RCPT from
> unknown[216.113.195.131]: 450 <wjwwwdk at pelleys.com>:
> User unknown in local recipient table; from=<>
> to=<wjwwwdk at pelleys.com> proto=ESMTP
> helo=<email.noproblemnetworks.com>
> maillog:Mar 29 09:30:27 zeus postfix/smtpd[26863]:
> disconnect from unknown[216.113.195.131]
I don't think you're being used as a spammer--though
someone is trying. There is a REJECT line in your log
for that job#. I get these a lot (though use sendmail
so it's a little different). There are so many people
out there trying, though, you may want to make sure
you server is secure by enabling SMTP AUTH and
checking your Access lists in the configuration files.
Corey
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-list
mailing list