Security Incidents mailing list archives

Re: Excess SMTP traffic to non-mail host


From: Chris Wilkes <cwilkes () ladro com>
Date: Wed, 27 Mar 2002 08:56:37 -0800

On Wed, Mar 27, 2002 at 12:10:39PM -0000, Basil Hussain wrote:

> Has anyone any clues what's going on here? Misconfigured remote mail hosts?
> Missing MX records somewhere out there? DDoS against mail hosts?

To see if it is a wacky MX record out there you could install a minimal
SMTP server config that doesn't actually do anything beyond taking in
the email and recording who it was set To:.

You could do this by installing your favorite mail server and setting it
up to not accept any domain's email.  You'll get the info up to the To:
which is what you want to look at.

I had a problem with an errant DNS record pointing to my new set of IP
addresses.  I kept getting web requests for some /manual/... pages which I
knew I didn't have.  I modified Apache's logging so that it would print
out the exact host it was trying to go to (in a nutshell I made the 404
return go to a cgi script which dumped Apache's environment variables so
I could pick out %HTTP_HOST) and found the offending name.  Contacted the
admin and worked it out.

Chris
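An added example of the SMTP sink Chris describes (this is not his code or anything from the list): it plays along with HELO/EHLO and MAIL FROM just far enough for the remote MTA to reveal who the mail is addressed to, logs that together with the peer address, and then rejects every recipient with a permanent 550 so nothing is queued or relayed. The hostname and port are placeholders.

```python
import socketserver
from dataclasses import dataclass, field


@dataclass
class SmtpSink:
    """Per-connection SMTP state machine: play along with HELO/EHLO and MAIL FROM
    so the remote MTA reveals its recipient, then reject every RCPT TO with a
    permanent 550 so nothing is queued, delivered or relayed."""
    peer: str
    hostname: str = "sink.example.invalid"  # constructed placeholder name
    sender: str = ""
    recipients: list = field(default_factory=list)

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP sink\r\n"

    def handle_line(self, line: str) -> tuple:
        """Return (reply, keep_open) for one client command line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}\r\n", True
        if verb == "MAIL":
            self.sender = arg.partition(":")[2].strip()
            return "250 OK\r\n", True
        if verb == "RCPT":
            rcpt = arg.partition(":")[2].strip()  # e.g. "<user@somedomain.tld>"
            self.recipients.append(rcpt)  # the domain is the evidence we want
            print(f"{self.peer} from={self.sender} to={rcpt}")
            return "550 5.1.1 No mailboxes here; check MX records\r\n", True
        if verb == "QUIT":
            return "221 Bye\r\n", False
        return "502 5.5.2 Command not implemented\r\n", True


class SinkHandler(socketserver.StreamRequestHandler):
    def handle(self):
        sink = SmtpSink(peer=self.client_address[0])
        self.wfile.write(sink.greeting().encode())
        for raw in self.rfile:  # one command per CRLF-terminated line
            reply, keep_open = sink.handle_line(raw.decode("latin-1"))
            self.wfile.write(reply.encode())
            if not keep_open:
                break


if __name__ == "__main__":  # port 25 needs root; 2525 plus a port redirect works too
    socketserver.ThreadingTCPServer(("0.0.0.0", 2525), SinkHandler).serve_forever()
```

Grouping the logged recipient domains by peer address shows which remote hosts believe a mail domain lives at this IP, which is the lead to take to their admins or to a stale MX record.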

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
