SUMMARY: Sendmail Problems

From: Ryan Matteson (ryanm@accn.org)
Date: Mon Jun 29 1998 - 08:14:21 CDT


Sorry it took so long to summarize. Thanks to everyone who helped me get
my sendmail problems taken care of. Special thanks go to:

                Laurinda Chamberlin
                John Keeton
                David Schiffrin
                Reto Lichtensteiger
                Neil Sakuma
                Einar Indridason
                Alan Clegg
                ANYONE I MISSED

Jun 25 10:13:42 commnet sendmail[7445]: KAA07416: KAA07445: DSN: Can't
create output

DSN == Delivery Status Notation... a mechanism to notify mailers about trouble.

Think this entry was caused by the remote/local mailer not having to write
anything....prob a dropped connection

Jun 25 18:54:48 commnet sendmail[9693]: NOQUEUE: Null connection from
client-151-198-187-243.bellatlantic.net [151.198.187.243] (may be forged)
^^^^^^^^^^^^^^
From: Laurinda Chamberlin
Someone made a telnet connection to port 25 on your server from 151.198.187.243
and disconnected before entering any data. "May be forged" means that forward
and reverse DNS lookups do not give the same information (do an nslookup on the
hostname and then the IP address, and you'll see this).

From: Reto Lichtensteiger
"NOQUEUE" means sendmail didn't need to create an entry in the queue
directory -- no big deal

 
# THIS ONE IS THE ONE I AM MOST CONCERNED ABOUT!!!!
Jun 25 21:13:32 commnet popper[13471]: Possible probe of account USERNAME
from host pm321-14.dialip.mich.net
^^^^^^^^^^^^^^^^^^^^
From: John Keeton
I think that last one about being probed, is when the following happens:

telnet commnet 110
<banner for QPOPPER>
+OK QUALCOMM Pop server derived from UCB (version 2.1.4-R3) at commnet
starting
<Enter the following>
user USERNAME
<Then disconnect w/ a control-[, or kill the connection any way but w/ "quit">
and that message is syslogged.
The Null connections aren't a big thing, at least I don't think.

From: Alan B. Clegg
This is caused by a connection to the POP port, the USER command being
sent, but no PASS.
It may be used to probe if a given account exists.
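
The following is an added example, not part of the original post or of sendmail/qpopper: a small triage script that parses the three log message types discussed above and groups popper "Possible probe" entries by source host, so a host that sends USER without PASS for several accounts stands out. The two extra log lines (OTHERUSER, host.example.net) and the `min_accounts` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: the syslog lines quoted in the post (unwrapped),
# plus two invented lines (OTHERUSER, host.example.net) to show aggregation.
SAMPLE_LOG = """\
Jun 25 10:13:42 commnet sendmail[7445]: KAA07416: KAA07445: DSN: Can't create output
Jun 25 18:54:48 commnet sendmail[9693]: NOQUEUE: Null connection from client-151-198-187-243.bellatlantic.net [151.198.187.243] (may be forged)
Jun 25 21:13:32 commnet popper[13471]: Possible probe of account USERNAME from host pm321-14.dialip.mich.net
Jun 25 21:13:40 commnet popper[13475]: Possible probe of account OTHERUSER from host pm321-14.dialip.mich.net
Jun 25 21:20:02 commnet popper[13490]: Possible probe of account USERNAME from host host.example.net
"""

# timestamp, loghost, program[pid]: message
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\w+)\[(\d+)\]: (.*)$")
PROBE = re.compile(r"^Possible probe of account (\S+) from host (\S+)$")
NULLCONN = re.compile(
    r"^NOQUEUE: Null connection from (\S+) \[([\d.]+)\]( \(may be forged\))?$")

def triage(log_text):
    """Return (probes, null_conns) extracted from syslog text."""
    probes = defaultdict(set)   # source host -> set of account names probed
    null_conns = []             # (hostname, ip, forward/reverse DNS mismatch)
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        prog, msg = m.group(3), m.group(5)
        if prog == "popper" and (p := PROBE.match(msg)):
            probes[p.group(2)].add(p.group(1))
        elif prog == "sendmail" and (n := NULLCONN.match(msg)):
            null_conns.append((n.group(1), n.group(2), n.group(3) is not None))
    return dict(probes), null_conns

def enumerating_hosts(probes, min_accounts=2):
    """Hosts that sent USER without PASS for several distinct accounts."""
    return sorted(h for h, accts in probes.items() if len(accts) >= min_accounts)

if __name__ == "__main__":
    probes, nulls = triage(SAMPLE_LOG)
    for host, accts in probes.items():
        print(f"popper probe: {host} -> {sorted(accts)}")
    for name, ip, mismatch in nulls:
        print(f"null SMTP connection: {name} [{ip}] dns_mismatch={mismatch}")
    print("hosts probing multiple accounts:", enumerating_hosts(probes))
```

A single probe entry per host is consistent with a dropped dial-up session; repeated entries from one host across different account names are the pattern worth following up.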



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:42 CDT