Re: what is this?

[Sami Haahtinen <Sami.Haahtinen () ATK-ANTTI COM>]

Check your system, can anyone relay trough it. also check your
mail-queue, it usually is a positive sign of an known open relay if it's
full of mail not sent by your system or authorized systems.

also check if you are listed at orbs or other systems like that.

i would suspect an open relay from these messages... (well not if you
have sent those mails to all of those aol.com addresses.)

Regards, Sami Haahtinen

C wrote:
> Hi,
> Last night my logcheckd come up with the following:
>
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Aug  9 18:27:07 main sendmail[20202]:SAA20194:
> to=<ztattack11 () aol com>,<zpb316 () aol com>,<zotzum () aol com>,<zosom0 () aol com>,<zipper032563 () aol com>,<zion808 () aol 
> com>,<zigmo123 () aol com>,<ziggy3131 () aol com>,<zi69 () aol com>,<zerogoals () aol com>,
> delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=my.isp.ro.
> [xxx.xxx.xxx.xxx], stat=Sent (ok
> 965834789 qp 24507 accepted for delivery to /dev/null. Thank you.)
> Aug  9 18:27:07 main sendmail[20202]: SAA20194:
> to=<ztattack11 () aol com>,<zpb316 () aol com>,<zotzum () aol com>,<zosom0 () aol com>,<zipper032563 () aol com>,<zion808 () aol 
> com>,<zigmo123 () aol com>,<ziggy3131 () aol com>,<zi69 () aol com>,<zerogoals () aol com>,
> delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=my.isp.ro.
> [xxx.xxx.xxx.xxx], stat=Sent (ok
> 965834789 qp 24507 accepted for delivery to /dev/null. Thank you.)
>
> Please, I want your comments. Thank you!
--
If all else Fails, Read the manual...
 || Sami Haahtinen || ATK-Antti Oy || Sami.Haahtinen () atk-antti com ||