[plug] smtp madness.
James Devenish
devenish at guild.uwa.edu.au
Tue Jun 22 15:14:35 WST 2004
In message <Pine.LNX.4.44.0406221458490.1037-100000 at guild.murdoch.edu.au>
on Tue, Jun 22, 2004 at 03:04:30PM +0800, Shayne O'Neill wrote:
> and somewhere somehow its all going tit-about-ass with some sort of
> autoreply or something with bad headers (so its not recognised by the
> mta)
(Just as a technical aside: I suspect that an incoming e-mail need not
have any headers at all, and your MTA itself should probably not care
about the header, though perhaps it would baulk at attempting to deliver
a completely empty message.) Anyway...are you able to capture packets to
disk for further analysis (e.g. using tcpflow / ethereal)? That would
give you a definitive indication of the nature of the traffic, and you
could also match it against the 'effect' as seen in your log entries.
> The problem of course is that if this is the case then the ip block wont
> work.
[...]
> tcp 0 0 yourguild.murdoch.:smtp yhaaus.lnk.telstra:8342 ESTABLISHED
Hmm...looks either like someone has inserted badly-formed entries into
their public reverse DNS (possibly intentionally), or the part of the
name after ".telstra" has been truncated from the display.
> will hosts.deny do it?
Good thinking. (But I don't know the answer...guess it depends on
whether exim was compiled with tcpwrappers support.)
More information about the plug
mailing list