[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Determining if my OpenBSD 3.3 box sent out mails

To: Jim Lambert <JLambert@Futurex.com>
Subject: Re: Determining if my OpenBSD 3.3 box sent out mails
From: Olivier Cherrier <oc@karedas.cediti.be>
Date: Fri, 12 Sep 2003 23:11:29 +0200
Cc: "'misc@openbsd.org'" <misc@openbsd.org>
Content-Disposition: inline
Mail-Followup-To: Olivier Cherrier <oc@karedas.cediti.be>,Jim Lambert <JLambert@Futurex.com>,"'misc@openbsd.org'" <misc@openbsd.org>
References: <C575E92235CDD31182BB0090271E020C39B046@jfx_mail.futurex.com>
User-Agent: Mutt/1.4i

On Fri, Sep 12, 2003 at 01:34:04PM -0700, JLambert@Futurex.com wrote:
> We had an issue at our company last night where our ISP detected a large
> amount of emails coming from our IP address.  I want to make sure this
> wasn't generated by my OpenBSD systems.  Is there something I can check,
> some log or configuration, that will tell me if my system was the offending
> system?  I have checked the maillogs and the messages logs in the /var/log
> directory but didnt see anything overt. 
> 
> My systems are stock OpenBSD3.3 systems with DHCP, NAT, and PF enabled.  I
> have also installed healthd which could email on a problem, but which isn't
> configured to email on any problems.

If you do some NAT for some internal networks, it could be one of these
computer that sent so many emails, depending in your PF rules.
You can try to block such connections or, at least, log them.

-- 
oc - oc@karedas.cediti.be

References:
- Determining if my OpenBSD 3.3 box sent out mails
  - From: Jim Lambert <JLambert@Futurex.com>

Prev by Date: Re: email header analysis
Next by Date: Re: Determining if my OpenBSD 3.3 box sent out mails
Prev by thread: Determining if my OpenBSD 3.3 box sent out mails
Next by thread: Re: Determining if my OpenBSD 3.3 box sent out mails
Index(es):
- Date
- Thread