Thanks to all who replied. I think that I have tracked this to sendmail refusing to relay email. I checked my syslog (why didn't I do that earlier? not enough sleep I suppose...) and there are attempts from the IP address to send mail through all of my machines. Since the name and IP do not resolve the same it is refusing. Thanks again! Begin forwarded message: > From: Eric Williams <ewilliams@mail.wesleyan.edu> > Date: Tue Sep 10, 2002 7:43:57 AM US/Eastern > To: sunmanagers@sunmanagers.org > Subject: Is this a security concern? > > I have been getting this message repeating in my message logs all day > for a few days now. I searched for what would be causing it and at > first it looked like a lookup problem. I nslookup'd the name and IP > both using the DNS servers we have and they both resolve fine on this > machine. Here is what I am getting: > > Sep 9 00:09:30 mymachine.edu last message repeated 1 time > Sep 9 00:48:17 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > Sep 9 01:05:27 mymachine.edu last message repeated 1 time > Sep 9 01:32:35 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > Sep 9 01:49:30 mymachine.edu last message repeated 1 time > Sep 9 02:26:47 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > Sep 9 02:45:27 mymachine.edu last message repeated 1 time > Sep 9 03:09:35 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > Sep 9 03:29:30 mymachine.edu last message repeated 1 time > Sep 9 04:05:17 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > Sep 9 04:25:28 mymachine.edu last message repeated 1 time > Sep 9 04:46:35 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > Sep 9 05:09:31 mymachine.edu last message repeated 1 time > Sep 9 05:43:48 mymachine.edu rpc.nisd_resolv[219]: > nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48. > , > , > , > > This just showed up a few days ago and at first I only had a few lines > during a day. This repeats all day long now. Should I be concerned > someone inside or out is trying something on my system? Any > suggestions on tracking down the cause and killing it? I'll post a > follow-up. Thanks! > > ----------------------------------------------------------------------- > - > Eric Williams > Wesleyan University > ewilliams@wesleyan.edu > AIM: radvelman > 860 685-3664 > _______________________________________________ > sunmanagers mailing list > sunmanagers@sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers > ------------------------------------------------------------------------ Eric Williams Wesleyan University ewilliams@wesleyan.edu AIM: radvelan 860 685-3664 _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Sep 10 10:07:20 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:54 EST