Old 09-25-2005, 11:43 PM   #1
LQ Newbie
Registered: Jul 2004
Posts: 22

Rep: Reputation: 15
Sendmail Log question

I am trying to figure out why the following is logged the way it is. It appears someone tries to connect to relay and fails, but it logs as local... instead of THEIR IP...

Sep 25 04:04:35 server1 sendmail[18213]: j8P83x3N018213: ruleset=check_mail, arg1=<>, relay=localhost.localdomain [], reject=451 4.1.8 Domain of sender address does not resolve
Sep 25 04:04:35 server1 sendmail[18213]: j8P83x3N018213: from=<>, size=2767, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost.localdomain []

How come I'm not getting their IP... Also this is under

Unresolved sender domains: 1856 Time(s)

Last edited by JediKnight2; 09-26-2005 at 08:15 AM.
Old 09-26-2005, 05:36 PM   #2
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
The first possibility is that someone tried to send that email from your machine and as sendmail can't resolve it, it can't be sent. However, if that is the case it isn't well configured, as it shouldn't keep trying to send it in such small intervals of time and should discard it eventually.

The other possibility is that someone sent you a spoofed SMTP replay so that sendmail would get confused and kind of DoS you. You should check your load. It should be a bit high as sendmail must be working pretty hard.

This is a standard sendmail log message:
Nov 4 04:05:48 *** sendmail[4697]: EAA04697:
from=<>, size=0, class=0, pri=0, nrcpts=0,
proto=ESMTP, relay=root@attacker.hostname[IPADDRESS]

So your connection either came from your localhost or you are getting spoofed packets.
Old 09-27-2005, 09:43 PM   #3
LQ Newbie
Registered: Jul 2004
Posts: 22

Original Poster
Rep: Reputation: 15
Weird... I had localhost.localdomain in "Local Domains"... I took it out... and it stopped... I still have localhost...????
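
One way to see where the "Unresolved sender domains" rejections discussed in this thread are coming from, as an added example that is not part of any post: tally the check_mail rejections by the relay sendmail recorded. The sample lines are constructed in the format quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread (not real logs).
SAMPLE = """\
Sep 25 04:04:35 server1 sendmail[18213]: j8P83x3N018213: ruleset=check_mail, arg1=<>, relay=localhost.localdomain [127.0.0.1], reject=451 4.1.8 Domain of sender address does not resolve
Sep 25 04:04:35 server1 sendmail[18213]: j8P83x3N018213: from=<>, size=2767, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Sep 25 04:09:40 server1 sendmail[18300]: j8P89e3N018300: ruleset=check_mail, arg1=<>, relay=localhost.localdomain [], reject=451 4.1.8 Domain of sender address does not resolve
Sep 25 05:12:01 server1 sendmail[19001]: j8P9C1aa019001: ruleset=check_mail, arg1=<user@nonexistent.invalid>, relay=mail.example.net [192.0.2.10], reject=451 4.1.8 Domain of sender address user@nonexistent.invalid does not resolve
""".splitlines()

REJECT_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): ruleset=check_mail, arg1=(?P<sender><[^>]*>), "
    r"relay=(?P<relay>.*?), reject=(?P<code>\d{3}) "
)
# The relay field is "host [addr]"; the address can be empty, as in the thread.
RELAY_RE = re.compile(r"^(?P<host>[^\[\s]*)\s*(?:\[(?P<addr>[^\]]*)\])?")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify_relay(relay):
    """Return ('local' | 'remote', host, addr) for a sendmail relay= value."""
    m = RELAY_RE.match(relay)
    host = m.group("host").split("@")[-1].lower()
    # sendmail prefixes IPv6 addresses with "IPv6:" inside the brackets.
    addr = (m.group("addr") or "").replace("IPv6:", "")
    if addr:
        # Trust the address over the name: the name comes from a DNS lookup.
        local = addr.startswith("127.") or addr == "::1"
    else:
        local = host in LOCAL_NAMES  # no address logged: fall back to the name
    return ("local" if local else "remote", host, addr)


def summarize_rejects(lines):
    """Count check_mail rejections per (origin, host, addr, sender)."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[classify_relay(m.group("relay")) + (m.group("sender"),)] += 1
    return counts


if __name__ == "__main__":
    for (origin, host, addr, sender), n in summarize_rejects(SAMPLE).most_common():
        print(f"{n:5d}  {origin:6s}  {host} [{addr}]  sender={sender}")
```

Rows marked local with a loopback address were submitted by a process on the server itself, which is the first possibility raised in reply #2.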

