Strange relay messages in qmail mailserver

Shawn Tayler stayler
Sun Feb 6 16:56:49 PST 2005 

Thats my perspective too.  I can find no signs of a rootkit or anything new
on the system.. I shut off relelaying for evrything but local addresses and
127.0.0.1 and tried all the requisitie relay checkers to no avail...  

Vary strange indeed.

On Sun, 06 Feb 2005 15:57:12 -0500 Matthew Carpenter <matt at eisgr.com>
exclaimed:

> I've heard of misconfigured systems sending 127.x.x.x traffic over the 
> wire, but since the whole 127. network is locally routed for your 
> machines, there can be no reply over the network, thus TCP connections 
> are not possible.  Since SMTP uses TCP, I would look for something 
> running on the box.  UDP or ICMP (or any other IP-based protocol like 
> ESP and AH) is another story... but again, they would only be able to 
> "whisper in your ear", not have your system respond.
> 
> 
> Shawn Tayler wrote:
> 
> >Hi Guys,
> >
> >I have a qmail mail server thats getting pretty busy with the junk email
> >bounces.  I noticed in /var/log/messages that msgs were being relayed
> >via 127.0.0.2 and 3.  I have pop before smtp installed and 127.* was
> >allowed for relay.  I cut it back to simply 127.0.0.1 and there are a
> >few attempts from the other addresses still, but they are failing now.
> >
> >Have any of you ever seen this sort of behavoir on a mail system?  I
> >can't find anything running on the system and my other qmail box,
> >although not near as busy does not show the same behavoir.
> >
> >Also, how could someone get 127.0.0.2 or three to a box either locally
> >or via the port 25, forwarded from the fire wall.  I guess I'm a bit
> >befuddled.  
> >
> >Suggestions on where to look?
> >
> >Shawn
> >_______________________________________________
> >Linux-users mailing list
> >Linux-users at linux-sxs.org
> >http://mail.linux-sxs.org/cgi-bin/mailman/listinfo/linux-users
> >
> >Need to chat further on this subject? Check out #linux-users on
> >irc.linux-sxs.org !
> >
> >
> >
> >  
> >
> 
> _______________________________________________
> Linux-users mailing list
> Linux-users at linux-sxs.org
> http://mail.linux-sxs.org/cgi-bin/mailman/listinfo/linux-users
> 
> Need to chat further on this subject? Check out #linux-users on
> irc.linux-sxs.org !
>

More information about the Linux-users mailing list