pm0.net are a notorious spammer.
They presumably are spamming many invalid users at this site.
The saving grace is their IP address can be determined and tcpserver
(deny) is your friend.
Regards.
On Wed, Aug 08, 2001 at 03:34:44PM +0000, eric allegedly wrote:
>
>
> The following is something I've noticed as a recurrent problem that I'm
> having. qmail-send processes just seem to get "stuck". I assumed they
> were waiting on a response from a slow MX, but in order to try to avoid
> this I have set /var/qmail/control/timeouremote to 180 seconds
>
> $ date ; ps ax | grep qmail-remote | grep -v grep
> Wed Aug 8 08:51:45 CDT 2001
> 18813 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 27933 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 30405 ? S 0:00 qmail-remote ofr.pm0.net [EMAIL PROTECTED]
> 5784 ? S 0:00 qmail-remote hmr.pm0.net
> [EMAIL PROTECTED]
> 9924 ? S 0:00 qmail-remote msn.com [EMAIL PROTECTED]
> 10980 ? S 0:00 qmail-remote ofr.pm0.net [EMAIL PROTECTED]
> $ date ; ps ax | grep qmail-remote | grep -v grep
> Wed Aug 8 09:19:27 CDT 2001
> 18813 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 27933 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 30405 ? S 0:00 qmail-remote ofr.pm0.net [EMAIL PROTECTED]
> 5784 ? S 0:00 qmail-remote hmr.pm0.net
> [EMAIL PROTECTED]
> $ ps ax | grep qmail-send
> 688 ? S 20:37 qmail-send
> 13381 pts/5 S 0:00 grep qmail-send
> $ sudo kill -ALRM 688
> $ date ; ps ax | grep qmail-remote | grep -v grep
> Wed Aug 8 09:21:21 CDT 2001
> 18813 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 27933 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 30405 ? S 0:00 qmail-remote ofr.pm0.net [EMAIL PROTECTED]
> 5784 ? S 0:00 qmail-remote hmr.pm0.net
> [EMAIL PROTECTED]
> 13314 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> 13376 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> 13398 ? S 0:00 qmail-remote hmr.pm0.net
> [EMAIL PROTECTED]
> 13408 ? S 0:00 qmail-remote usa.com [EMAIL PROTECTED]
> 13442 ? S 0:00 qmail-remote newsletter.ourhouse.com
> OurHouse.com___
> 13462 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> 13479 ? S 0:00 qmail-remote anon.lcs.mit.edu [EMAIL PROTECTED]
> mail
> 13483 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> 13495 ? S 0:00 qmail-remote yaho.com [EMAIL PROTECTED]
> play4money@ya
> 13503 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> 13512 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> 13531 ? S 0:00 qmail-remote norman.bay9.com
> [EMAIL PROTECTED]
> $ date ; ps ax | grep qmail-remote | grep -v grep
> Wed Aug 8 09:40:48 CDT 2001
> 18813 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 27933 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 30405 ? S 0:00 qmail-remote ofr.pm0.net [EMAIL PROTECTED]
> 5784 ? S 0:00 qmail-remote hmr.pm0.net
> [EMAIL PROTECTED]
> ~$ date ; ps ax | grep qmail-remote | grep -v grep
> Wed Aug 8 10:22:42 CDT 2001
> 18813 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 27933 ? S 0:00 qmail-remote ofr.pm0.net
> [EMAIL PROTECTED]
> 30405 ? S 0:00 qmail-remote ofr.pm0.net [EMAIL PROTECTED]
> 5784 ? S 0:00 qmail-remote hmr.pm0.net
> [EMAIL PROTECTED]
>
> The four processes that I'm worrried about are 18813, 27933, 30405, and
> 5784. They've been active for about 2 hours and maybe longer (who knows
> how long they had been running when I started this log).
>
> Anyone else seeing similar stuff happening? I'm running qmail-1.03 without
> any patches under RedHat 6.1 (kernel 2.2.12-20smp)
>
> Eric Calvert
