[Dshield] Can someone explain this syslog message?

David C. Hart DavidHart at TQMcube.com
Thu Oct 30 12:55:20 GMT 2003


On Wed, 2003-10-29 at 23:24, Johannes Ullrich wrote:
> Could it be that you are sending mail to a hotmail account?
> Are you running your own mail server which delivers directly
> (instead of via some ISP mail server)?

Yes. I see some bounce messages in the logs going back to MSN (using the
Hotmail SMTP gateway). But those are on a different interface (same
box).
> 
> It could be that the connection timed out in your firewall.
> Or, that someone spoofed your IP and you see 'backscatter'.

As many have experienced, there are numerous timeouts sending to
Hotmail. RegEx header and body checks occur off-line so they generate a
bounce instead of a REJECT. There aren't many of these but Postfix can
be very persistent. When I have time, I'll have to compare the maillog
to the syslog. Just to be safe, I'll extend SMTP SASL authorization to
the LAN. "Backscatter?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20031030/470e801d/attachment.bin


More information about the list mailing list