"Strange" maillog entries - am I being used as a relay?

Paul Howarth paul at city-fan.org
Sat Apr 2 11:34:27 UTC 2005


On Sat, 2005-04-02 at 06:22 -0330, Mike Pelley wrote:
> Folks - I noticed some strange errors in my logwatch report and when I checked my maillog I found the entries below.  I have SMTPS with TLS set up for authentication.  Does this mean I'm being used as a relay?
> 
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: connect from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: setting up TLS connection from unknown[216.113.195.131]
> maillog:Mar 29 09:30:24 zeus postfix/smtpd[26863]: TLS connection established from unknown[216.113.195.131]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: client=unknown[216.113.195.131]
> maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: reject: RCPT from unknown[216.113.195.131]: 450 <wjwwwdk at pelleys.com>: User unknown in local recipient table; from=<> to=<wjwwwdk at pelleys.com> proto=ESMTP helo=<email.noproblemnetworks.com>
> maillog:Mar 29 09:30:27 zeus postfix/smtpd[26863]: disconnect from unknown[216.113.195.131]

Looks like a failed backscatter delivery attempt (a bounce for a mail
you didn't send, probably a virus/worm/spam forgery). The delivery
failed because the forged sender address "wjwwwdk at pelleys.com" doesn't
exist in your domain.

These happen all the time, and are nothing to worry about, though you
might want to reject future bounces from the backscatter-sending host at
216.113.195.131 if your server can be configured to do that.

Paul.
-- 
Paul Howarth <paul at city-fan.org>
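
Added example, not part of the original post: a Python check that sorts postfix/smtpd reject lines per client IP into bounces to nonexistent local users (null sender, from=<>, as in the log above) and refused relay attempts. The sample lines are constructed on the format quoted above; "Relay access denied" is Postfix's standard reason text for a refused relay and does not appear in the quoted log.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IPs and domains), modelled on the
# quoted maillog format, including the "maillog:" prefix that grep adds.
SAMPLE_LOG = """\
maillog:Mar 29 09:30:25 zeus postfix/smtpd[26863]: 0A1267031D: reject: RCPT from unknown[192.0.2.10]: 450 <nouser@example.com>: User unknown in local recipient table; from=<> to=<nouser@example.com> proto=ESMTP helo=<mx.example.net>
maillog:Mar 29 09:41:02 zeus postfix/smtpd[26901]: 1B2C3D4E5F: reject: RCPT from unknown[192.0.2.10]: 450 <ghost@example.com>: User unknown in local recipient table; from=<> to=<ghost@example.com> proto=ESMTP helo=<mx.example.net>
maillog:Mar 29 10:02:11 zeus postfix/smtpd[27011]: 2C3D4E5F60: reject: RCPT from unknown[198.51.100.7]: 554 <victim@example.org>: Relay access denied; from=<a@example.net> to=<victim@example.org> proto=SMTP helo=<client>
maillog:Mar 29 10:05:40 zeus postfix/smtpd[27050]: 3D4E5F6071: reject: RCPT from unknown[203.0.113.5]: 450 <typo@example.com>: User unknown in local recipient table; from=<friend@example.net> to=<typo@example.com> proto=ESMTP helo=<mail.example.net>
maillog:Mar 29 10:05:42 zeus postfix/smtpd[27050]: disconnect from unknown[203.0.113.5]
"""

# queue-id, client[ip], SMTP code, optional enhanced status code,
# rejected address, reason text, envelope sender
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: reject: RCPT from [^\[\s]*\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?:\d\.\d+\.\d+ )?<[^>]*>: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)>"
)

def classify(line):
    """Return (client_ip, kind) for a reject line, or None for other lines."""
    m = REJECT.search(line)
    if not m:
        return None
    if "Relay access denied" in m["reason"]:
        kind = "relay-attempt-denied"   # someone tried to relay and was refused
    elif m["sender"] == "" and "User unknown" in m["reason"]:
        kind = "backscatter-bounce"     # bounce (null sender) to a forged address
    else:
        kind = "other-reject"           # e.g. a real sender mistyping a recipient
    return m["ip"], kind

def summarize(text):
    """Count reject kinds per client IP across a block of maillog text."""
    counts = Counter()
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit] += 1
    return counts

if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {kind:22} {n}")
```

A host with a high backscatter-bounce count is a candidate for the per-host rejection suggested above; rejected lines of any kind mean the mail was refused, not relayed.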
