I'm running sendmail 8.8.8 on a Tru64 v4.0G box. I know, people tell us we
should upgrade to a newer sendmail version but we're trying to stick with the
Compaq-supported version for now. That aside, here's what I'm seeing on our
mail server. I look at the sendmail jobs and I see this kind of stuff:

  PID TTY S    TIME CMD
 5628 ??  I 0:00.01 sendmail: server servus.i-var.si [1
 8899 ??  I 0:00.01 sendmail: server servus.i-var.si [1
16707 ??  I 0:00.01 sendmail: server servus.i-var.si [1
17207 ??  I 0:00.01 sendmail: server servus.i-var.si [1
21490 ??  I 0:00.01 sendmail: server servus.i-var.si [1
27307 ??  I 0:00.01 sendmail: server servus.i-var.si [1

If I check the logs I see hundreds of entries matching this:

Oct 31 08:46:33 alpha sendmail[4813]: IAA0000004813: ruleset=check_mail, arg1=<leads5569_at_yahoo.cocm>, relay=servus.i-var.si [193.2.41.50], reject=451 <leads5569_at_yahoo.cocm>... Sender domain unresolvable
Oct 31 08:46:33 alpha sendmail[4813]: IAA0000004813: from=<leads5569_at_yahoo.cocm>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=servus.i-var.si [193.2.41.50]

These entries pop about every 30 seconds. I've seen this same behavior
with others as well. If you kill 'em they just keep coming back. Is this
normal or something we should be worrying about? Our mail logs are being
choked by attempts to relay through us when the individual is infected with
the SirCam virus. We're blocking those kinds of things at our edge router.
However, I don't want to get overly zealous in blocking outside sites because
(a) we're a college and (b) I don't want to overload the router with ACL
entries.
================================================================================
Don Newcomer Dickinson College
Associate Director, System and Network Services P.O. Box 1773
newcomer_at_dickinson.edu Carlisle, PA 17013
Phone: (717) 245-1256
FAX: (717) 245-1690
Received on Wed Oct 31 2001 - 14:34:37 NZDT
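
Added example, not part of the original post: a small Python tally of the check_mail rejections quoted above, grouped by relay IP with the typical gap between attempts, so a repeat offender can be separated from one-off rejects before deciding what to block. The function name, the thresholds and every sample value other than the relay shown in the post are assumptions constructed for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format quoted in the post, one entry per line.
# Timestamps, PIDs, queue IDs, the sender and the second relay are made up.
_REJECT = ("Oct 31 {t} alpha sendmail[{p}]: IAA00000{p}: ruleset=check_mail, "
           "arg1=<sender@example.invalid>, relay={r}, reject=451 "
           "<sender@example.invalid>... Sender domain unresolvable")
_NOISY = "servus.i-var.si [193.2.41.50]"
SAMPLE_LOG = "\n".join([
    _REJECT.format(t="08:46:03", p=4790, r=_NOISY),
    _REJECT.format(t="08:46:33", p=4813, r=_NOISY),
    "Oct 31 08:46:33 alpha sendmail[4813]: IAA000004813: "
    "from=<sender@example.invalid>, size=0, class=0, pri=0, nrcpts=0, "
    "proto=SMTP, relay=" + _NOISY,
    _REJECT.format(t="08:47:03", p=4829, r=_NOISY),
    _REJECT.format(t="08:47:33", p=4841, r=_NOISY),
    _REJECT.format(t="08:50:10", p=4900, r="[192.0.2.25]"),  # no reverse DNS
])

# Matches only check_mail rejections; the hostname before [ip] is optional.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sendmail\[\d+\]: \S+ "
    r"ruleset=check_mail, .*?relay=(?:\S+ )?\[(?P<ip>[\d.]+)\], "
    r"reject=(?P<code>\d{3}) ")

def summarize_rejects(log_text, year=2001, min_hits=3):
    """Return {relay_ip: (reject_count, median_gap_seconds or None)}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:  # syslog lines carry no year, so the caller supplies it
            stamp = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["ip"]].append(stamp)
    report = {}
    for ip, stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[ip] = (len(stamps), statistics.median(gaps) if gaps else None)
    return report

if __name__ == "__main__":
    for ip, (count, gap) in summarize_rejects(SAMPLE_LOG).items():
        print(f"{ip}: {count} check_mail rejects, median gap {gap}s")
```

The regular expression expects each syslog entry on a single line, as it is in the log file itself rather than as wrapped in a mail message.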