[svlug] Bad email

Skip Evans skip at venomouspenguin.com
Tue Mar 29 07:21:12 PST 2005


Hi all,

I have a client running FC1 on a few servers, and the one that handles 
email for many of their clients' sites is getting bombarded with bad 
email messages. A typical chunk of /var/log/maillog looks like this:

Mar 27 04:09:29 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<ristig at gemstones.com>... User unknown
Mar 27 04:09:31 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<krog at gemstones.com>... User unknown
Mar 27 04:09:32 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<littlenomad at gemstones.com>... User unknown
Mar 27 04:09:33 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<mikelalli at gemstones.com>... User unknown
Mar 27 04:09:34 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<mcrawley at gemstones.com>... User unknown
Mar 27 04:09:35 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<nguyenc at gemstones.com>... User unknown
Mar 27 04:09:36 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<romp at gemstones.com>... User unknown
Mar 27 04:09:37 207-234-129-112 sendmail[30415]: j2RC8ORJ030415: 
<tim at gemstones.com>... User unknown

These things are coming in by the ton, and I was hoping to locate a 
source IP address, maybe a couple of them, and add them to 
/etc/hosts.deny. But maillog does not record this information.

Is there another log file where I can locate it?

I also found out about 'blacklisting' in sendmail, and will consider
that if I can't find just one IP address to deny.

Any suggestions would be greatly appreciated.

Skip
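
Added example, not part of the original post: a Python sketch that counts "User unknown" rejections per sendmail queue ID in the log format quoted above and attributes them to a connecting IP. It assumes the same queue ID also appears on a sendmail line carrying relay=host [ip], which the posted excerpt does not show; the sample log, hostname, addresses and IP are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the post's maillog format. Hostname, addresses and the
# relay= line (documentation-range IP) are assumptions, not data from the post.
SAMPLE = """\
Mar 27 04:09:29 mx sendmail[30415]: j2RC8ORJ030415:
<ristig@example.com>... User unknown
Mar 27 04:09:31 mx sendmail[30415]: j2RC8ORJ030415:
<krog@example.com>... User unknown
Mar 27 04:09:32 mx sendmail[30415]: j2RC8ORJ030415: <tim@example.com>... User unknown
Mar 27 04:09:40 mx sendmail[30415]: j2RC8ORJ030415: from=<a@example.net>, size=0, nrcpts=0, relay=host.example.net [192.0.2.10]
Mar 27 04:10:02 mx sendmail[30500]: j2RCA1RJ030500: <bob@example.com>... User unknown
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")   # syslog timestamp
ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")            # queue ID, message
RELAY = re.compile(r"relay=.*?\[([\d.]+)\]")                    # IPv4 in brackets

def unwrap(text):
    """Rejoin log entries that were wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def rejections_by_relay(text, threshold=3):
    """Map relay IP -> number of 'User unknown' recipients, at or above threshold."""
    unknown, relay = defaultdict(int), {}
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue
        qid, rest = m.groups()
        if rest.endswith("User unknown"):
            unknown[qid] += 1
        elif (r := RELAY.search(rest)):
            relay[qid] = r.group(1)
    totals = defaultdict(int)
    for qid, n in unknown.items():
        # Sessions with no relay= line are kept under their queue ID.
        totals[relay.get(qid, "no-relay:" + qid)] += n
    return {src: n for src, n in totals.items() if n >= threshold}

if __name__ == "__main__":
    print(rejections_by_relay(SAMPLE))
```

Sessions that never log a relay= line stay listed under their queue ID, so a burst of rejections is still visible even when no address can be attached to it.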




