[lug] Sendmail thoughts.....

D. Stimits stimits at idcomm.com
Thu Dec 14 13:40:47 MST 2000


Does great.plains.net have a reason to connect to your sendmail? I'm not
sure how some of the spam email relays work, but maybe it is someone
trying to relay through you. Maybe it is part of your ISP. If you don't
know who great.plains.net is, you shouldn't allow this. They do have a
web page at http://great.plains.net, maybe see if you recognize them. If
not, I would send copies of what they have to spam@, abuse@, root@,
admin@, and webmaster at great.plains.net (CC to all) with copies of the
log info and ask them why they are trying to connect. I would also place
their numeric IP in /etc/hosts.deny, and use ipchains to deny anything
from them.

Note that the identd lines are not a problem, but may be a clue in
helping the other end decide what is going on. Port 25 though is another
issue that you should find out about.

Shannon Johnston wrote:
> 
> This is the message that's coming through in the messages log:
> 
> DEC 14 13:58:04 <my domain> identd[10697] connection from great.plains.net
> DEC 14 13:58:04 <my domain> identd[10697] from: 206.168.65.1 (
> great.plains.net ) for: 3093, 25
> 
> This is happening about every 45 seconds to a minute.
> 
> Something bad?
> 
> Shannon Johnston
> 
> On Thu, 14 Dec 2000, D. Stimits wrote:
> 
> > Shannon Johnston wrote:
> > >
> > > Hello All,
> > > I've got a server that's connecting to my server about every two minutes
> > > on port 25. That's all that's listed in the logs. Is there a way to find
> > > out what it's sending?
> > >
> > > Thanks,
> > > Shannon Johnston
> > >
> >
> > Sounds like it is also a case for ipchains deny. That's your smtp
> > port...don't know if you have a need for something outside to be
> > connecting, such as being a mail relay. But if you deny it and see what
> > breaks, it might be interesting.
> >
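
An added example, not part of the thread: a Python sketch that reads identd lines shaped like the ones quoted above and reports, per querying IP, how often the queries arrive and which port pairs they ask about. The host name and the later timestamps in the sample are constructed, and the field names assume identd logs the pair in RFC 1413 query order (port on the identd host first, port on the querying host second).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the quoted log lines (host name and the
# later entries are made up; the wrapped "from:" line is joined into one line).
SAMPLE_LOG = """\
DEC 14 13:58:04 host.example identd[10697] connection from great.plains.net
DEC 14 13:58:04 host.example identd[10697] from: 206.168.65.1 ( great.plains.net ) for: 3093, 25
DEC 14 13:58:52 host.example identd[10701] from: 206.168.65.1 ( great.plains.net ) for: 3095, 25
DEC 14 13:59:49 host.example identd[10706] from: 206.168.65.1 ( great.plains.net ) for: 3098, 25
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+identd\[\d+\]:?\s+"
    r"from:\s+(?P<ip>[\d.]+)\s+\(\s*(?P<name>\S+)\s*\)\s+"
    r"for:\s+(?P<first>\d+),\s*(?P<second>\d+)$", re.IGNORECASE)

def parse_queries(text, year=2000):
    """Yield (timestamp, querier_ip, port_on_identd_host, port_on_querier)."""
    for line in text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # "connection from" lines carry no port pair
        # syslog omits the year, so it is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts'].title()}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], int(m["first"]), int(m["second"])

def summarize(text):
    """Per querying IP: query count, mean gap in seconds, and port pairs seen."""
    by_ip = defaultdict(list)
    for ts, ip, first, second in parse_queries(text):
        by_ip[ip].append((ts, first, second))
    report = {}
    for ip, rows in by_ip.items():
        rows.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        report[ip] = {
            "queries": len(rows),
            "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
            "ports_on_this_host": sorted({r[1] for r in rows}),
            "ports_on_querier": sorted({r[2] for r in rows}),
        }
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

Under the RFC 1413 ordering assumed here, a constant 25 in the second field with a changing first field describes connections between ephemeral ports on the logging host and port 25 on the querying host, which is worth comparing against the local mail queue before adding deny rules.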



