[vox-tech] strange postfix error message
Micah J. Cowan
micah at cowan.name
Fri Apr 21 13:54:37 PDT 2006
On Thu, Apr 20, 2006 at 08:48:27PM -0700, Cylar Z wrote:
> Hey all,
>
> I run FC5. I'm also running Postfix as my mail daemon
> with a program called LogWatch that mails a system log
> summary each day to my root account.
>
> While browsing this logwatch yesterday, the following
> snippet appeared in the Postfix section:
>
> --------------------- postfix Begin
> ------------------------
>
> 5978 bytes transferred
> 2 messages sent
> 2 messages removed from queue
>
> Relaying denied: 2 Time(s)
>
> Unrecognized warning:
>
> 219-84-126-227-adsl-tpe.dynamic.so-net.net.tw[219.84.126.227]
> sent non-SMTP
> command: Subject:?erelay ok?f<my-ip-address-here>
> : 1 Time(s)
> personaljames.com[82.165.30.80] sent non-SMTP
> command: From: "Chase Online"
> <online at chase.com> : 1 Time(s)
>
> ---------------------- postfix End
> --------------------------
> (the field containing <my-ip-address-here> really did
> have my actual IP listed, which I am keeping
> confidential for security reasons.)
>
> What exactly is that error message I see listed under
> "unrecognized warning?" I don't think it's a mail
> relay attempt, since it says just above that the
> system already denied two of those. Is this some kind
> of attempt to break into the system through the SMTP
> port, and if so, is there any indication the cracker
> was successful?
It looks to me like the relay started sending the message content before
it issued an SMTP DATA command.
--
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer...
http://micah.cowan.name/
More information about the vox-tech
mailing list