[Shorewall-users] OT how to Make Sendmail Speak
Steve at SteveCowles.com
Fri Jul 11 09:14:38 PDT 2003
John Andersen wrote:
> I've noticed a lot of connections to my sendmail with an alleged TO
> address of
> BCFaun9enYd-khansen-norcomsoftware.com at cdbjcvcwrql.searchresul
> The actual name varies, but the end bit is always
> Because my sendmail insists that the from address be resolvable,
> these don't get thru.
> However my machine tries to connect back to the mx of
> searchresultzdelivered.com, which is
Be interesting to see all of your logfile entries for this. Are you sure it's
not just sendmail sending a DSN back? Which is just as bad.
> Being sort of suspicious, I blacklisted the entire subnet of
> searchresultz. I suspect they are looking for open relays.
Either that or they are trying to verify a valid e-mail address.
> So I ask, who are these people? (I know all about dig and whois
> guys). Why does google have nothing on them?
Probably because the domain was created last week.
> Also, I want to know how I can make sendmail cough up the originating
> IP for a connection so I can ban that subnet too. Clearly it's not
> originating from anywhere in 184.108.40.206/24 as that is blacklisted.
As far as realtime scanning, that would probably require the use of a
specialized milter. You could always write a cron job that scanned your
logfiles and updated sendmail's access map. At least you could stop further
> Anyone else seeing connections from that bunch?
I just checked a month's worth of logfiles and did not see any hits. Whew! At
least for now. I'm sure these bastards will find me before long. :-(
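
The cron-job approach suggested in this reply, sketched as an added example (not code from the original post): it reads the connecting IP from the relay= field of check_mail rejections in the mail log and emits access-map lines for repeat offenders, per host or per /24. The log lines, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Sendmail logs the connecting peer as relay=name [ip] or relay=[ip].
REJECT_RE = re.compile(
    r"ruleset=check_mail,.*?relay=[^,\[]*\[(\d{1,3}(?:\.\d{1,3}){3})\][^,]*,\s*reject=\d{3}")

def existing_keys(access_text):
    """Left-hand keys already present in the access map source file."""
    fields = (line.split() for line in access_text.splitlines())
    return {f[0] for f in fields if f and not f[0].startswith("#")}

def new_access_entries(log_lines, access_text, threshold=3, by_subnet=False):
    """Return access-map lines for peers rejected at least `threshold` times."""
    hits = Counter()
    for line in log_lines:
        m = REJECT_RE.search(line)
        if m:
            ip = m.group(1)
            # The access map matches address prefixes on octet boundaries,
            # so the key "192.0.2" covers all of 192.0.2.0/24.
            hits[ip.rsplit(".", 1)[0] if by_subnet else ip] += 1
    known = existing_keys(access_text)
    return [f"Connect:{key}\tREJECT" for key, n in sorted(hits.items())
            if n >= threshold and f"Connect:{key}" not in known]

# Constructed sample data: documentation addresses, made-up queue ids.
_T = ("Jul 11 08:0{i}:13 mail sendmail[2101]: h6BF2D00210{i}: ruleset=check_mail, "
      "arg1=<u{i}@x.spam.example>, relay={relay}, reject=451 4.1.8 "
      "Domain of sender address u{i}@x.spam.example does not resolve")
RELAYS = (["[192.0.2.15]"] * 3
          + ["mx.spam.example [192.0.2.77] (may be forged)"]
          + ["[198.51.100.9]"] * 3
          + ["[203.0.113.4]"] * 2)
SAMPLE_LOG = [_T.format(i=i, relay=r) for i, r in enumerate(RELAYS)]
# An accepted message: carries relay= but no check_mail rejection, so it is ignored.
SAMPLE_LOG.append("Jul 11 08:09:40 mail sendmail[2110]: h6BF9e002110: "
                  "from=<bob@example.org>, size=812, relay=[203.0.113.4]")
SAMPLE_ACCESS = "# existing map\nConnect:198.51.100.9\tREJECT\n"

if __name__ == "__main__":
    for entry in new_access_entries(SAMPLE_LOG, SAMPLE_ACCESS):
        print(entry)
```

The output is meant to be appended to the access map source and the map rebuilt with makemap; the source path and map type depend on the local sendmail configuration. An automatic ban list like this wants a conservative threshold and an allowlist for your own relays.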