[Dshield] Odd sendmail log entries
mcgoy at plumbearcat.com
Fri May 6 13:02:35 GMT 2005
I was checking my sendmail logs when I noticed a bunch of "loops back to me"
errors. Sure enough, a dig on one of the offending domains sending the
e-mails resolves to 127.0.0.1. At almost exactly the same time there was
another domain with errors in my logs that digs to 0.0.0.0. Is it just a
misconfiguration or is there some sendmail rewrite rule exploit being
tested? Any information or experiences on this appreciated.
David McGaughey, GSEC, GSNA
More information about the list