[ale] Maillog: User unknown
Tony Carter
tcarter at entrusion.com
Tue Dec 27 22:59:40 EST 2005
>> I noticed something interesting in my maillog file today, there are
thousands of entries like below, I spent a few minutes googleing and could
find any good info. Does anyone know whats happening here? The mail server
has about 20 accounts and 2 domains, 'mydomain1' and 'mydomain2'.
>> Nick
>> Dec 27 11:21:05 mydomain1 sendmail[21756]: jBRGL50G021756:
<hrs at mydomain2.com>... User unknown
>> Dec 27 11:21:06 mydomain1 sendmail[21756]: jBRGL50G021756: <
Looks like someone is enumerating usernames to possibly use for relaying
(spam) mail?? Sorry I don't know sendmail but does this message indicate
that the attempts are made from the sendmail host itself? If so, you should
make sure that you don't have a cgi script that allow mail relaying..
-Tony
More information about the Ale
mailing list