[plug] Is this a spam attack?

Jon Miller jlmiller at mmtnetworks.com.au
Tue May 13 17:54:32 WST 2003


No I have not configured the server as an open relay.  The mail queue (mqueue) is empty.
I've had a look at the /var/log/messages and I see a lot of the following:

May 13 17:10:30 rhfs1 named[678]: lame server resolving 'nwohio.com' (in 'nwohio.com'?): 65.196.203.13#53
May 13 17:10:30 rhfs1 named[678]: lame server resolving 'globalsafety.com' (in 'globalsafety.com'?): 199.181.77.91#53

Why would the server be getting someone elses dns request.  There are quite a few of these in the log.

Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby



>>> devenish at guild.uwa.edu.au 5:01:39 PM 13/05/2003 >>>
Replying to plug at plug (not enigma-list at redhat.com): 

In message <sec1257a.021 at mmtnetworks.com.au>
on Tue, May 13, 2003 at 05:03:38PM +0800, Jon  Miller wrote:
> Just put a server online

Did you configure it first*? ;)

> Is this a spam attack?

Its mailq should make that fairly obvious? Otherwise, are the senders of
the e-mail anyone you recognised?

* While tongue-in-cheek I of course mean "If it's not configured as an
  open relay then perhaps it just has dodgy users. If it's configured
  as an open relay then it's probably acting as one."







More information about the plug mailing list