[Dshield] SMTP problem

George Theall theall at tifaware.com
Mon Oct 11 21:24:51 GMT 2004

On Mon, Oct 11, 2004 at 10:39:52AM -0700, Mark Squire wrote:

> Well that's the thing.  I ran some tests for open relays on our system
> just to be sure, and they all came back negative, so that couldn't be
> the problem.

Don't be so quick to dismiss this as a possibility -- relay tests may be
incomplete and are likely to ignore completely injection through
non-SMTP channels (e.g., formmail exploits).

> > What is the content of the messages?  This may give more 
> > indication on the 
> > attack.
> This was all I was able to find anywhere:
> <emailaddress at domain.com>:connect to
> mail3.saveinternet.net[]: Connection timed out

Have you checked spool files in your deferred mail queue (probably
/var/spool/postfix/deferred/)? If these sorts of log messages are
ongoing, you should be able to see the actual messages, and in that way
you can determine whether you really have a problem. 

theall at tifaware.com
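
Added example, not part of the original post: one way to triage the deferred queue discussed above is to parse a `postqueue -p` listing and flag senders whose queued mail fans out to many recipient domains, then read those messages by hand. It assumes the traditional `postqueue -p` text layout; the sample listing, the function names and the threshold of 3 domains are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the traditional `postqueue -p` layout (not real data).
SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A1B0C4D     2210 Mon Oct 11 09:58:12  nobody@www.example.org
(connect to mx.example.net[192.0.2.10]: Connection timed out)
                                         a1@example.net

7C9D0E1F2A     2198 Mon Oct 11 09:58:14  nobody@www.example.org
(connect to mx.example.com[192.0.2.20]: Connection timed out)
                                         b7@example.com
                                         c3@example.edu

9A8B7C6D5E     1875 Mon Oct 11 10:02:40  alice@example.org
(host mx.example.net[192.0.2.10] said: 450 mailbox busy)
                                         bob@example.net

-- 6 Kbytes in 3 Requests.
"""

# Entry header: queue ID (optional */! status flag), size, arrival time, sender.
HEAD = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+\d+\s+\w{3} \w{3} [ \d]\d [\d:]{8}\s+(\S+)$")

def parse_queue(text):
    """Split a listing into entries: id, sender, deferral reasons, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"id": m.group(1), "sender": m.group(2), "reasons": [], "rcpts": []}
            entries.append(cur)
        elif cur is None or not line.strip():
            continue  # column header or blank separator
        elif line.startswith("("):
            cur["reasons"].append(line.strip()[1:-1])  # deferral reason in parentheses
        elif line.startswith(" "):
            cur["rcpts"].append(line.strip())  # indented recipient address
    return entries

def suspicious_senders(entries, min_domains=3):  # threshold is an assumption
    """Map each sender with >= min_domains distinct recipient domains to them."""
    domains = defaultdict(set)
    for e in entries:
        for rcpt in e["rcpts"]:
            domains[e["sender"]].add(rcpt.rsplit("@", 1)[-1].lower())
    return {s: sorted(d) for s, d in domains.items() if len(d) >= min_domains}

def ids_for(entries, sender):  # queue IDs to read by hand with `postcat -q <id>`
    return [e["id"] for e in entries if e["sender"] == sender]
```

On a live server, pass the captured output of `postqueue -p` to `parse_queue` in place of `SAMPLE`; a web-server account showing up as a high-fan-out sender points at form injection rather than SMTP relaying.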