Huge number of entries in /var/log/maillog



I've recently started noticing a huge amount of mail log files being 
generated on my home system. I'm not sure if I just have some network 
parameters set incorrectly and sendmail is freaking out, or if someone 
has managed to muck into my system for some nefarious purpose.

The way I have things set up:

There are two servers; one running obsd 3.2, used for firewall and NAT. 
Another box is running obsd 3.3, and has Apache webserver activated. 
Traffic is redirected to the webserver from the firewall using a 
redirect statement in pf.conf. The firewall blocks all services on its 
external interface except ssh and http.

The symptoms of the problem:

On the webserver, a huge amount of these entries are being generated in 
/var/log/maillog.

Aug  1 23:01:27 webserver sm-msp-queue[1026]: h6S6U2hW010919: 
to=postmaster, delay=4+21:30:04, xdelay=00:00:00, mailer=relay, 
pri=21186892, relay=ds1.domainspa.com., dsn=4.0.0, stat=Deferred: 
Connection timed out with ds1.domainspa.com.

On the firewall I'm getting a whole bunch of these messages:

Aug  1 23:01:18 <sanitized_host_name> sm-msp-queue[30220]: 
h6S6U2GF021761: to=postmaster, delay=4+21:29:59, xdelay=00:00:00, 
mailer=relay, pri=21185783, relay=localhost.home.net., dsn=4.0.0, 
stat=Deferred: Connection timed out with localhost.home.net.

When I installed obsd on both, I did not enable sendmail on either one, 
but both of them appear to have sendmail listening on port 25. The 
curious thing is that netstat -a shows smtp listening on both if run on 
localhost, but if nmap is run remotely on either box, port 25 appears to 
be closed.

So, I'm not sure what's going on?! Is this "ds1.domainspa.com" a likely 
culprit in something? i.e. trying to use me as a spam relay? Or is 
possibly my network configuration a little goofy which might be causing 
sendmail to puke on itself?

/etc/hosts on both the webserver and firewall contains:

::1 localhost.home.net localhost
127.0.0.1 localhost.home.net localhost
192.168.1.2 webserver.home.net webserver

Any suggestions greatly appreciated.

Oh, and btw, I've added an incoming rule to pf.conf to block 
domainspa.com from coming into my network, and configured it to log any 
connections, but nothing is showing up in pflog.

PG
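
A triage sketch for the log entries quoted above, added here as an example and not part of the original post: it groups deferred sendmail entries by host, program and relay, and compares the number of log lines with the number of distinct queue ids, since many lines for few ids means the same queued messages are being retried rather than new mail being generated. The function names are hypothetical and the third sample line is constructed.

```python
import re
from collections import defaultdict

# One entry per line. The first two are the entries quoted in the post, unwrapped;
# the third is CONSTRUCTED (a later retry of the same queue id) for illustration.
SAMPLE = [
    "Aug  1 23:01:27 webserver sm-msp-queue[1026]: h6S6U2hW010919: to=postmaster, delay=4+21:30:04, xdelay=00:00:00, mailer=relay, pri=21186892, relay=ds1.domainspa.com., dsn=4.0.0, stat=Deferred: Connection timed out with ds1.domainspa.com.",
    "Aug  1 23:01:18 <sanitized_host_name> sm-msp-queue[30220]: h6S6U2GF021761: to=postmaster, delay=4+21:29:59, xdelay=00:00:00, mailer=relay, pri=21185783, relay=localhost.home.net., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.home.net.",
    "Aug  1 23:31:27 webserver sm-msp-queue[1100]: h6S6U2hW010919: to=postmaster, delay=4+22:00:04, xdelay=00:00:00, mailer=relay, pri=21276892, relay=ds1.domainspa.com., dsn=4.0.0, stat=Deferred: Connection timed out with ds1.domainspa.com.",
]

ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[\w-]+)\[\d+\]:\s(?P<qid>\w+):\s(?P<fields>.*)$")

def parse_delay(value):
    """Convert sendmail's [days+]HH:MM:SS delay field into seconds."""
    days, _, clock = value.rpartition("+")
    h, m, s = (int(x) for x in clock.split(":"))
    return int(days or 0) * 86400 + h * 3600 + m * 60 + s

def parse_entry(line):
    """Return a dict of the entry's fields, or None if the line does not match."""
    m = ENTRY.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # stat= comes last and is free text, so split it off before the key=value pairs.
    head, _, rec["stat"] = rec.pop("fields").partition(", stat=")
    for item in head.split(", "):
        key, _, val = item.partition("=")
        rec[key] = val
    rec["delay_s"] = parse_delay(rec.get("delay", "0:0:0"))
    return rec

def summarize(lines):
    """Group deferred entries by (host, program, relay)."""
    groups = defaultdict(lambda: {"entries": 0, "qids": set(), "max_delay_s": 0})
    for line in lines:
        rec = parse_entry(line)
        if rec is None or not rec["stat"].startswith("Deferred"):
            continue
        g = groups[(rec["host"], rec["prog"], rec.get("relay", "-").rstrip("."))]
        g["entries"] += 1
        g["qids"].add(rec["qid"])  # same id repeating = same message retried
        g["max_delay_s"] = max(g["max_delay_s"], rec["delay_s"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, g["entries"], "entries,", len(g["qids"]), "queue ids,",
              round(g["max_delay_s"] / 86400, 1), "days oldest")
```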