[Dshield] Odd sendmail log entries

David McGaughey mcgoy at plumbearcat.com
Fri May 6 13:02:35 GMT 2005


Greetings!

 

I was checking my sendmail logs when I noticed a bunch of "loops back to me"
errors.  Sure enough, a dig on one of the offending domains sending the
e-mails resolves to 127.0.0.1.  At almost exactly the same time there was
another domain with errors in my logs that digs to 0.0.0.0.  Is it just a
misconfiguration or is there some sendmail rewrite rule exploit being
tested?  Any information or experiences on this appreciated.

 

David McGaughey, GSEC, GSNA

About:  http://mcgoy.plumbearcat.com/RESCOMPU.htm

 




More information about the list mailing list