Strange relay messages in qmail mailserver
Matthew Carpenter
matt
Sun Feb 6 15:58:20 PST 2005
I've heard of misconfigured systems sending 127.x.x.x traffic over the
wire, but since the whole 127. network is locally routed for your
machines, there can be no reply over the network, thus TCP connections
are not possible. Since SMTP uses TCP, I would look for something
running on the box. UDP or ICMP (or any other IP-based protocol like
ESP and AH) is another story... but again, they would only be able to
"whisper in your ear", not have your system respond.
Shawn Tayler wrote:
>Hi Guys,
>
>I have a qmail mail server thats getting pretty busy with the junk email
>bounces. I noticed in /var/log/messages that msgs were being relayed via
>127.0.0.2 and 3. I have pop before smtp installed and 127.* was allowed
>for relay. I cut it back to simply 127.0.0.1 and there are a few attempts
>from the other addresses still, but they are failing now.
>
>Have any of you ever seen this sort of behavoir on a mail system? I can't
>find anything running on the system and my other qmail box, although not
>near as busy does not show the same behavoir.
>
>Also, how could someone get 127.0.0.2 or three to a box either locally or
>via the port 25, forwarded from the fire wall. I guess I'm a bit
>befuddled.
>
>Suggestions on where to look?
>
>Shawn
>_______________________________________________
>Linux-users mailing list
>Linux-users at linux-sxs.org
>http://mail.linux-sxs.org/cgi-bin/mailman/listinfo/linux-users
>
>Need to chat further on this subject? Check out #linux-users on irc.linux-sxs.org !
>
>
>
>
>
More information about the Linux-users
mailing list