Find the answer to your Linux question:
Results 1 to 6 of 6
Hi to all. I see about 2.000 emails similar to this attached on my sendmail queue. I'm running Centos 5 and sendmail 8.13.8. All emails are in statud "Deferred" because ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2009
    Posts
    14

    strange emails on sendamail queue


    Hi to all. I see about 2.000 emails similar to this attached on my sendmail queue. I'm running Centos 5 and sendmail 8.13.8. All emails are in statud "Deferred" because destination address don't exist. I don't know how this emails arrive to my server. Only authenticated user can send mail from sendmail. I already test it. How can I see if some of my users try to send this emails? I'm not able to see this on maillog.

    I have only line like this:
    Jun 9 14:09:46 adlhost60 sendmail[13547]: STARTTLS=client, relay="symailserver.hsbc.co.uk"., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256

    Jun 9 14:09:47 adlhost60 sendmail[13547]: o59BnO3Q013547: to=<"email address attached">, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32819, relay="symailserver.hsbc.co.uk" [193.108.72.62], dsn=5.1.1, stat=User unknown

    Jun 9 14:19:34 adlhost60 sendmail[13547]: STARTTLS=client, relay="symailserver.hsbc.co.uk"., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256

    Jun 9 14:19:35 adlhost60 sendmail[13547]: o59BnO3T013547: to=<"email address attached">, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32819, relay="symailserver.hsbc.co.uk". [193.108.72.62], dsn=5.1.1, stat=User unknown

    Jun 9 14:30:29 adlhost60 sendmail[13547]: STARTTLS=client, relay="symailserver.hsbc.co.uk"., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256

    Jun 9 14:30:29 adlhost60 sendmail[13547]: o59BnO3W013547: to=<"email address attached">, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=32819, relay="symailserver.hsbc.co.uk". [193.108.72.62], dsn=5.1.1, stat=User unknown

    And now I see that i'm blacklisted on Topian. My server ip is 194.20.145.8.

    Can you help me with this issue?
    Thanks a lot.
    Attached Images Attached Images

  2. #2
    Just Joined!
    Join Date
    Oct 2009
    Posts
    14
    Hello!! Are there anyone can help me? Thanks in advance.

  3. #3
    Linux Newbie
    Join Date
    Apr 2008
    Location
    India
    Posts
    170
    Hi,

    First please avoid posting your ip address on public forums.
    Is the server working alone as an mail server ? Do you run apache as
    well, if so do an ps aufx as well scan your ftp logs. check for users who
    have uploaded cgi files on your box.

    Please copy the entire header of your mail.

    If you have incoming spam attacks add rbs to your box and enable spf for your domains.
    Regards
    David Anand
    -->Success is the list of failures ...!!!

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Oct 2009
    Posts
    14
    Hello. The server il working alone as an email server. It doesn't have any other services enable. What do you mean about
    add rbs to your box
    ?
    About email header, have you take a look to the image attach? Is it not helpful?
    How can I remove the ip from the post?
    Thanks a lot for your help.

  6. #5
    Linux Newbie
    Join Date
    Apr 2008
    Location
    India
    Posts
    170
    Hi,

    I am sorry that was an typo, It was suppose to be RBL's.

    It seems some one is relaying mails towards your server,
    Check the logs under which user they got authenticated.
    Regards
    David Anand
    -->Success is the list of failures ...!!!

  7. #6
    Just Joined!
    Join Date
    Oct 2009
    Posts
    14
    Hi, I see a lot of spam going out from my server on saturday 5 june. Unfortunately I don't have log before that day. I take a look to the maillog but I don't see the username that send these emails. I only see destination addresses. Do you know how can I see it through all these lines? Thanks a lot.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •