--On 09/25/00 08:17:20 AM -0400 "Burke, Thomas G."
<[EMAIL PROTECTED]> wrote:
> I've been seeing the following log entry alot recently (from different
> machines)... Is this a sendmail exploit I'm not aware of, or what?
> Before anyone asks, tomii is the name of my machine...
>
> Sep 24 13:11:45 tomii sendmail[23111]: NOQUEUE: Null connection from
> [209.185.179.107]
>
>From the sendmail FAQ (www.sendmail.org -- a good place to look first):
NOQUEUE: Null connection from host.domain [IP.AD.DD.RESS]
in the logfile means that host.domain connected to your MTA but neither
initiated transmission of a message (by issuing the MAIL
command), nor used any of the commands that are logged separately
(EXPN/VRFY/ETRN). Unless this happens very often, you can
ignore this. If it happens very often, it's either someone playing
around or it's a network problem.
Note 1: The significant part of the message isn't the NOQUEUE, but the
"Null connection from ...". In particular, NOQUEUE isn't
an error indication, but just a "place-holder" when no queue ID has
been assigned, typically because message collection hasn't started
(yet). It can occur in other messages too, and there too the
significant part is what comes after the NOQUEUE.
Note 2: In 8.10, the text which led to the confusion has been changed
to: "... did not issue MAIL/EXPN/VRFY/ETRN during
connection to ...".
-- Rob
_ _ _ _ _ _ _ _ _ _
/\_\_\_\_\ /\_\ /\_\_\_\_\_\
/\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
/\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
/\/_/_/_/_/ /\_\ /\/_/ /\/_/
/\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
\/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
Rob Tanner
McMinnville, Oregon
[EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
