[plug] Is this a spam attack?
James Devenish
devenish at guild.uwa.edu.au
Tue May 13 17:44:18 WST 2003
In message <sec1315f.038 at mmtnetworks.com.au>
on Tue, May 13, 2003 at 05:54:32PM +0800, Jon Miller wrote:
> No I have not configured the server as an open relay. The mail queue
> (mqueue) is empty. I've had a look at the /var/log/messages and I see
> a lot of the following:
>
> May 13 17:10:30 rhfs1 named[678]: lame server resolving 'nwohio.com' (in 'nwohio.com'?): 65.196.203.13#53
> May 13 17:10:30 rhfs1 named[678]: lame server resolving 'globalsafety.com' (in 'globalsafety.com'?): 199.181.77.91#53
>
> Why would the server be getting someone elses dns request. There are quite a few of these in the log.
Someone else's requests? Why do you say that? 'lame server' notices are
normal when other people have malfunctioning or misconfigured DNS and
you (or your users or your daemons) try to look up their addresses.
Perhaps you're receiving spam from addresses that claim to be
@globalsafety.com?
More information about the plug
mailing list