[SATLUG] sendmail logging

Geoff geoff at w5omr.shacknet.nu
Sun Sep 2 13:06:06 CDT 2007 

Leif Johnson wrote:
>
> I've tested my mailserver (sendmail-8.14.1-4.1.fc6) for open relay and 
> the report says I'm not open. Fine. I have my /etc/mail/access file 
> limited to relay from localhost only:
>
> # by default we allow relaying from localhost...
> localhost.localdomain           RELAY
> localhost                       RELAY
> 127.0.0.1                       RELAY
>
> Yet I keep seeing entries such as this in my maillog:
>
> Sep  2 11:40:35 mobydick sendmail[26541]: l82GLnJe026541: lost input 
> channel from [219.248.195.170] to MTA after data
> Sep  2 11:40:35 mobydick sendmail[26541]: l82GLnJe026541: 
> from=<alelu at pisem.net>, size=0, class=0, nrcpts=0, proto=ESMTP, 
> daemon=MTA, relay=[219.248.195.170]
> Sep  2 11:41:04 mobydick sendmail[26539]: l82GLn2v026539: lost input 
> channel from [219.248.195.170] to MTA after data
> Sep  2 11:41:04 mobydick sendmail[26539]: l82GLn2v026539: 
> from=<kaluga at white-cat.com>, size=0, class=0, nrcpts=0, proto=ESMTP, 
> daemon=MTA, relay=[219.248.195.170]
>
> Can someone tell me if those are just bounces or does this indicate 
> that my mailserver is being used as a relay of some sort?

Someone's -trying- to use you as a relay.  Did you ping 'white-cat.com' 
and see what you come up with?

PING white-cat.com (89.253.245.50) 56(84) bytes of data.
64 bytes from mnogomag.ru (89.253.245.50): icmp_seq=1 ttl=46 time=190 ms

a whois on the 219.248.195.170 address comes back with

KRNIC is not an ISP but a National Internet Registry similar to APNIC.
The followings is organization information that is using the IPv4 address.

IPv4 Address       : 219.248.195.0-219.248.195.255
Network Name       : HANANET-INFRA
Connect ISP Name   : HANANET
Connect Date       : 20030325
Registration Date  : 20041014
Publishes          : Y

[ Organization Information ]
Organization ID    : ORG3930
Org Name           : Hanaro Telecom Inc.
Address            : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail address     : 17-7 Asia One Bldg.
Zip Code           : 150-874

[ Technical Contact Information ]
Name               : IP manager
Org Name           : Hanaro Telecom Inc.
Address            : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail address     : 17-7 Asia One Bldg.
Zip Code           : 150-874
Phone              : +82-2-106-2
E-Mail             : ip-adm at hanaro.com

someone is -trying-, but are probably not very successful.

--

More information about the SATLUG mailing list