[plug] smtp madness.
devenish at guild.uwa.edu.au
Tue Jun 22 15:14:35 WST 2004
In message <Pine.LNX.4.44.0406221458490.1037-100000 at guild.murdoch.edu.au>
on Tue, Jun 22, 2004 at 03:04:30PM +0800, Shayne O'Neill wrote:
> and somewhere somehow it's all going tit-about-ass with some sort of
> autoreply or something with bad headers (so it's not recognised by the
(Just as a technical aside: I suspect that an incoming e-mail need not
have any headers at all, and your MTA itself should probably not care
about the header, though perhaps it would baulk at attempting to deliver
a completely empty message.) Anyway...are you able to capture packets to
disk for further analysis (e.g. using tcpflow / ethereal)? That would
give you a definitive indication of the nature of the traffic, and you
could also match it against the 'effect' as seen in your log entries.
> The problem of course is that if this is the case then the ip block won't
> tcp 0 0 yourguild.murdoch.:smtp yhaaus.lnk.telstra:8342 ESTABLISHED
Hmm...it looks like either someone has inserted badly-formed entries into
their public reverse DNS (possibly intentionally), or the part of the
name after ".telstra" has been truncated from the display.
> will hosts.deny do it?
Good thinking. (But I don't know the answer...guess it depends on
whether exim was compiled with tcpwrappers support.)
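As an added illustration of the capture-and-correlate approach suggested above (this is example code, not part of the original message or of any of the tools it names): once tcpflow has written the client half of an SMTP session to disk, a small parser can pull out the envelope, tell whether the DATA payload actually carried an RFC 5322 header block, and tie the stream back to the MTA's log by source IP. It assumes tcpflow's default stream file naming (zero-padded src.ip.port-dst.ip.port) and an exim4-style main log; the session text and log lines below are constructed.

```python
"""Summarise a tcpflow client->server SMTP stream and match it to log lines.

Added example, not code from the original post. Assumptions: tcpflow's
default zero-padded "src.ip.port-dst.ip.port" file names, CRLF line
endings with on-the-wire dot-stuffing, and exim4-style "H=name [ip]" log
lines. All sample data here is constructed.
"""
import re

# Constructed tcpflow output: the client side of one SMTP session.
SAMPLE_FLOW_NAME = "203.000.113.010.08342-192.000.002.025.00025"
SAMPLE_FLOW = (
    "HELO yhaaus.lnk.telstra.net\r\n"
    "MAIL FROM:<>\r\n"
    "RCPT TO:<postmaster@example.org>\r\n"
    "DATA\r\n"
    "This auto-reply carries no header block at all.\r\n"
    "..dot-stuffed line\r\n"
    ".\r\n"
    "QUIT\r\n"
)

# Constructed exim4-style main-log lines to correlate the capture against.
SAMPLE_LOG = [
    "2004-06-22 15:04:30 1BcXYZ-0001aB-00 <= <> H=yhaaus.lnk.telstra.net"
    " [203.0.113.10] P=smtp S=412",
    "2004-06-22 15:04:31 1BcXYZ-0001aB-00 => postmaster"
    " <postmaster@example.org> R=localuser T=local_delivery",
    "2004-06-22 15:05:02 1BcXYZ-0001aC-00 <= alice@example.com"
    " H=mail.example.com [198.51.100.7] P=esmtp S=2049",
]

# tcpflow stream name: four zero-padded octets + five-digit port, twice.
FLOW_NAME_RE = re.compile(
    r"^(\d{3}(?:\.\d{3}){3})\.(\d{5})-(\d{3}(?:\.\d{3}){3})\.(\d{5})$")
# RFC 5322 header field: printable ASCII except ':' followed by ':'.
HEADER_FIELD_RE = re.compile(r"^[\x21-\x39\x3b-\x7e]+:")


def _strip_octets(padded):
    return ".".join(str(int(o)) for o in padded.split("."))


def parse_flow_name(name):
    """Recover the endpoints tcpflow encoded in the stream file name."""
    m = FLOW_NAME_RE.match(name)
    if not m:
        raise ValueError("not a tcpflow stream name: %r" % name)
    return {"src_ip": _strip_octets(m.group(1)), "src_port": int(m.group(2)),
            "dst_ip": _strip_octets(m.group(3)), "dst_port": int(m.group(4))}


def _angle_addr(arg):
    m = re.search(r"<([^>]*)>", arg)
    return m.group(1) if m else arg.partition(":")[2].strip()


def _classify_message(msg, summary):
    """Header block = lines up to the first empty line, but only if the
    first line really is a header field; otherwise it is all body."""
    if msg and HEADER_FIELD_RE.match(msg[0]):
        summary["has_headers"] = True
        idx, name = 0, None
        while idx < len(msg) and msg[idx] != "":
            line = msg[idx]
            if line[0] in " \t" and name:          # folded continuation
                summary["headers"][name] += " " + line.strip()
            else:
                name, _, value = line.partition(":")
                summary["headers"][name] = value.strip()
            idx += 1
        body = msg[idx + 1:]
    else:
        body = msg
    summary["body_first_line"] = body[0] if body else None


def parse_smtp_client_stream(text):
    """Walk the client half of the dialogue: envelope commands plus DATA."""
    summary = {"helo": None, "mail_from": None, "rcpt_to": [],
               "has_headers": False, "headers": {}, "body_first_line": None}
    lines = text.split("\r\n")
    i = 0
    while i < len(lines):
        verb, _, arg = lines[i].partition(" ")
        verb = verb.upper()
        i += 1
        if verb in ("HELO", "EHLO"):
            summary["helo"] = arg.strip()
        elif verb == "MAIL":
            summary["mail_from"] = _angle_addr(arg)
        elif verb == "RCPT":
            summary["rcpt_to"].append(_angle_addr(arg))
        elif verb == "DATA":
            msg = []
            while i < len(lines) and lines[i] != ".":
                line = lines[i]
                msg.append(line[1:] if line.startswith(".") else line)  # un-stuff
                i += 1
            i += 1                                    # skip the lone "."
            _classify_message(msg, summary)
    return summary


def match_log_lines(endpoints, log_lines):
    """Log lines naming the stream's source IP, e.g. exim's 'H=name [ip]'."""
    needle = "[%s]" % endpoints["src_ip"]
    return [l for l in log_lines if needle in l]


if __name__ == "__main__":
    ep = parse_flow_name(SAMPLE_FLOW_NAME)
    print(ep)
    print(parse_smtp_client_stream(SAMPLE_FLOW))
    print(match_log_lines(ep, SAMPLE_LOG))
```

Run it over each client-side stream file tcpflow produced (its `-r` option reads a saved pcap) and compare the source IP and envelope with what the MTA logged for the same minute; if `has_headers` comes back false, you have the "bad headers" case confirmed on the wire rather than inferred from the log. For the hosts.deny question, one quick check of whether a given exim binary was built with tcpwrappers is to look for libwrap in its `ldd` output.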