Tuesday 2 January 2007

Action! Mail flood coming from lxfsrk421

Frederic Hemmer forwards:

From: SmtpMonitorSink
Sent: Tuesday, January 02, 2007 8:33 AM
To: exchange-service (Exchange service list)
Subject: CERNMX06: Flood blocked !

CERNMX06:
Flood from: 128.142.169.11 in scope InternalIpOutgoing-ByIp blocked !

This is an automatic information email, do not reply.

It seems that the machine is trying to send mails to byniek.zb@wp.pl, and that this has started to fail at 7:15 this morning. In /var/log/maillog there are plenty of records like this one:


Jan 2 09:31:57 lxfsrk421 sendmail[3830]: l028Vqt6003828: to=, delay=00:00:05, xdelay=00:00:05, mailer=relay, pri=30478, relay=cernmxlb.cern.ch. [137.138.166.163], dsn=5.7.1, stat=User unknown
Jan 2 09:31:57 lxfsrk421 sendmail[3830]: l028Vqt6003828: l028Vvt6003830: DSN: User unknown
Jan 2 09:31:57 lxfsrk421 sendmail[3830]: l028Vvt6003830: to=, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31502, relay=cernmxlb.cern.ch., dsn=4.0.0, stat=Deferred: Connection reset by cernmxlb.cern.ch.


I stop sendmail on lxfsrk421 at 9:30, and notify PDB.Service@cern.ch.
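A triage sketch for the maillog records quoted above, added here as an example and not part of the original post: it parses sendmail delivery lines and tallies failures by DSN code and status, with the first and last failure timestamps. The function names are hypothetical, and the only log format assumed is the one visible in the three quoted lines.

```python
import re
from collections import Counter

# The three maillog records quoted in the post, verbatim.
SAMPLE = """\
Jan 2 09:31:57 lxfsrk421 sendmail[3830]: l028Vqt6003828: to=, delay=00:00:05, xdelay=00:00:05, mailer=relay, pri=30478, relay=cernmxlb.cern.ch. [137.138.166.163], dsn=5.7.1, stat=User unknown
Jan 2 09:31:57 lxfsrk421 sendmail[3830]: l028Vqt6003828: l028Vvt6003830: DSN: User unknown
Jan 2 09:31:57 lxfsrk421 sendmail[3830]: l028Vvt6003830: to=, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31502, relay=cernmxlb.cern.ch., dsn=4.0.0, stat=Deferred: Connection reset by cernmxlb.cern.ch.
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)$")

def parse_delivery(line):
    """Return a dict for a delivery-attempt record, or None for any other line."""
    m = LINE.match(line)
    if not m or "stat=" not in m["rest"]:
        return None  # e.g. the "DSN: User unknown" bounce-creation notice
    rec = {"ts": m["ts"], "host": m["host"], "qid": m["qid"]}
    # stat= comes last and may contain colons and commas, so split it off first.
    head, _, stat = m["rest"].partition("stat=")
    rec["stat"] = stat.strip()
    for field in head.split(", "):
        key, sep, value = field.partition("=")
        if sep:
            rec[key.strip()] = value.strip()
    return rec

def summarize(text):
    """Tally failed deliveries (DSN class 4 = transient, 5 = permanent)."""
    recs = [r for r in map(parse_delivery, text.splitlines()) if r]
    failed = [r for r in recs if (r.get("dsn") or "2")[0] in "45"]
    return {
        "deliveries": len(recs),
        "by_dsn": Counter(r["dsn"] for r in failed),
        "by_stat": Counter(r["stat"].split(":")[0] for r in failed),
        "first_failure": failed[0]["ts"] if failed else None,
        "last_failure": failed[-1]["ts"] if failed else None,
        "hosts": sorted({r["host"] for r in failed}),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over the full /var/log/maillog instead of the sample, the first_failure field gives the time the rejections began.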
