| |
| |
| |
|
Page: 1 2
Comments:
<0> boa tarde
<1> can someone answer a question for me, I am running 8.12 sendmail, and I am seeing the following error in my maillog "xx.xx.xx.xx did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" is this something I should be concerned with?
<2> No
<1> ok, but I am seeing it on for example ebay.com domains, and even paypal.com
<1> so, was just concerened
<1> what does it mean, if you dont mind me asking so I can try to understand it
<2> What does it say?
<0> it means someone connected to you and then went away
<1> sendmail[5248]: l0GFjawI005248: d83-189-76-55.cust.tele2.de [83.189.76.55] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
<1> sendmail[5253]: l0GFjtwI005253: mxpool08.ebay.com [66.135.197.14] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
<1> those are a few examples
<2> That's exactly what it means. It is informational. seen a lot lately due to botnet activity
<1> ok
<1> appreciate the help
<2> hmm for the ebay one, you have a problem
<1> ok
<1> what?
<2> could be connectivity issues
<1> could I get you to take a look and see if you see anything?
<2> You mean read the log? I am not fully awake:)
<1> well, I ment, login to the box
<1> but I can show you the log
<1> just trying to find the problem
<2> Oh, it may not be a problem
<1> sendmail[5299]: l0GFnkwI005299: elasmtp-kukur.atl.sa.earthlink.net [209.86.89.65] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
<2> Ah, that one looks valid
<1> but for example, I am getting alot of these, more then normal
<2> is the system under load?
<1> 10:55AM up 59 mins, 3 users, load averages: 0.16, 0.06, 0.01
<2> if you are getting more than normal, don't worry, some dumb botnet out there
<2> But if you have earthlink and such generating these warnings check to see whether your sendmail is responding correctly
<2> What's the server address?
<1> well, the strange part is some mail is working, however others are not
<2> ah
<2> moment
<1> thanks
<2> you have pregreeting pause?
<1> not that I am aware of
<2> DNS issues?
<1> not that I am ware of, not had any complaints on DNS
<2> I don't see the banner yet
<2> seems like you have a sendmail problem
<1> ok
<2> dig infant.mutilation.org
<2> on that box
<1> want me to post the results?
<2> No, just the time and whether you got an answer
<1> yes
<2> okay looks good
<2> do you have any other warning in the sendmail log? Do you uppdate sendmail or do any change?
<1> k
<2> Yoru DNS is fine
<2> diable the firewall
<2> disable
<1> no firewall installed
<2> I got your banner now
<2> No fire wall in front of the box?
<1> no
<2> You mean you don't run any packet filter on that box? You surprise me
<2> Do you have any milters?
<1> I had spam milter running, but turned it off trying to see if that was the problem
<2> was it off when I tested?
<1> yes
<2> turn that other thing off
<2> can I test?
<1> sec
<2> do you have a rc.d script?
<1> no
<2> disabled?
<1> I think so
<2> still the same problem, you can enable firewall
<1> ok, sec
<1> ok
<2> Do you have any startup errors with sendmail (see log)?
<1> let me look
<2> stop sendmail
<2> start it
<2> see log
<1> sr-71# /usr/sbin/sendmail -bd -q20m
<1> WARNING: Xspam******in: local socket name /var/run/spam***-milter.sock missing
<1> WARNING: Xclmilter: local socket name /var/run/clamav/clmilter.sock missing
<2> There you go
<1> Jan 16 11:23:28 sr-71 sendmail[344]: starting daemon (8.12.6p3): SMTP+queueing@00:20:00
<2> your milters are not running
<1> but I think those are the ones I turned off to see if they are causing the problem
<2> are you sure they are off?
<1> yeah, when I killed the sendmail, I checked
<2> okay, testing connection
<1> let me make sure 100%
<1> sr-71# ./spam***-milter.sh stop
<1> spam***_milter not running?
<2> That's what the above says
<1> correct, I have them disabled, I can fire them it ya want, and re-start sendmail
<2> No, wait
<1> k
<1> do, you feel this is fixable, or should I re-install sendmail?
<2> if it is the milters, then it's not a sendmail problem and it should be easily fixable
<2> a reinstall rarely fixes a problem
<2> Okay, see your log for any warnings now
<1> see the logs for new errors, or restart the sendmail?
<2> see log
<2> No need to restart
<2> Therem, that's the problem
<2> fix the milters
<1> ok
<1> sec...
<2> your milters are not running/timing out/failing
<1> can you test it now and see if it seems to work any better
<2> same problem
<2> are the milters running?
<1> no
<1> I took them out
<1> figured it would be easier
<2> in the mc as well?
<1> yes
<1> and then did a make and make install
<2> post your sendmail.cf to a website
<1> sec.
<2> Okay, looks like they are disabled
<2> Are you sure sendmail is using sendmail.cf?
<1> well, I just figured it was... how do I verify this?
<2> Let me test, if you see the warnings you know that it's not
<2> if you don't p*** any special configuration parameter, sendmail defaults to sendmail.cf
<1> k
<1> ok
<1> so, did you test it?
<2> Yes, waiting for the timeout
<1> ok
<1> just checking
<2> Do you see any warnings in the log?
<2> It hasn't timed out yet
<1> the same MTA ones...
<2> No milter warnings?
<1> sendmail[828]: l0GGlYwK000828: mxpool11.ebay.com [66.135.197.17] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
<1> no
<2> Okay, did you get a timeout now?
<1> I see no milter errors
<1> Jan 16 11:51:28 sr-71 sendmail[935]: l0GGpC0D000935: [84.229.54.37]: possible SMTP attack: command=HELO/EHLO, count=3
<2> Hmm, there is still a problem
<1> was that you?
<2> Did you do any changes to that box recently?
<1> no
<1> thats the wierd part
<2> No, that's not my ip address
<2> and you can ignore that error with the current problem
<1> its been working fine and then all of a sudden I got problems
<1> k
<2> 84.229.54.37 is teh remote client
<1> so, what do you suggest I do?
<2> good question
<2> Thinking how to debug
Return to
#sendmail
or
Go to some related
logs:
#stocks
#firebird
#stocks
heartogram meaning
cmc cfd aust
#hardware
darkstar-passes
#nhl
#online
#gentoo
|
|