If you have never used or configured MD why do you think this "Chatter" is
being caused by MD.
What I see below is normal in almost everyone's mail logs. It is a
typical spammers tactic to try and send mail to every known name used in
an email address.
You might want to consider installing a better spam defense then to try
and disable what you have already said you have never used.
Regards,
Pete
> Hi All,
>
> How do I disabling majordomo? I do not want to uninstall it as it
> will probably break the RAQ interface. Just stop it working with
> sendmail so there is no way it can be used to spam.
>
> I'm running a RAQ 3 with majordomo installed for a few years. I've
> never used majordomo or even turned it on through the RAQ interface.
>
> About 2 months ago I've started to get a lot of chatter in my logs:
>
> ---------------start of log---------------
>
> Dec 13 07:49:44 www sendmail[9385]: HAA09385:
> <accounting@mydomain.com>... No such user here
> Dec 13 07:49:45 www sendmail[9385]: HAA09385:
> <accounts@mydomain.com>... No such user here
> Dec 13 07:49:46 www sendmail[9385]: HAA09385:
> <administrator@mydomain.com>... No such user here
> Dec 13 07:49:51 www sendmail[9385]: HAA09385:
> <advertising@mydomain.com>... No such user here
> Dec 13 07:49:52 www sendmail[9385]: HAA09385:
> <contact@mydomain.com>... No such user here
> Dec 13 07:49:53 www sendmail[9385]: HAA09385: <help@mydomain.com>...
> No such user here
> Dec 13 07:49:54 www sendmail[9385]: HAA09385: <home@mydomain.com>...
> No such user here
> Dec 13 07:49:57 www sendmail[9385]: HAA09385: <mail@mydomain.com>...
> No such user here
> Dec 13 07:50:00 www sendmail[9385]: HAA09385: <sales@mydomain.com>...
> No such user here
> Dec 13 07:50:03 www sendmail[9385]: HAA09385:
> <support@mydomain.com>... No such user here
> Dec 13 07:50:13 www sendmail[9385]: HAA09385:
> <webmaster@mydomain.com>... No such user here
> Dec 13 07:50:43 www sendmail[9429]: HAA09429: clone HAA09385,
> owner=admin
> Dec 13 07:50:48 www sendmail[9433]: HAA09433: Authentication-Warning:
> www.mydomain.com: mail set sender to Majordomo-Owner@www.mydomain.com
> using -f
> Dec 13 07:50:49 www sendmail[9435]: HAA09433: HAA09435: DSN: User
> unknown
>
> ---------------end of log---------------
>
> New file being created:
>
> /tmp/majordomo.debug
>
> and emails similar to below:
>
> ---------------start of email---------------
>
> To: Majordomo-Owner@www.mydomain.com
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="KAA28086.1134125138/www.mydomain.com"
> Subject: Returned mail: User unknown
> Auto-Submitted: auto-generated (failure)
>
> This is a MIME-encapsulated message
>
> --KAA28086.1134125138/www.mydomain.com
>
> The original message was received at Fri, 9 Dec 2005 10:43:48 GMT
> from mail@localhost
>
> ----- The following addresses had permanent fatal errors -----
> fredsanders@mail.com
>
> ----- Transcript of session follows -----
> ... while talking to mail-com.mr.outblaze.com.:
> >>> RCPT To:<fredsanders@mail.com>
> <<< 550 <fredsanders@mail.com>: No thank you rejected: Account
> Unavailable: Possible Forgery
> 550 fredsanders@mail.com... User unknown
>
> --KAA28086.1134125138/www.mydomain.com
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; www.mydomain.com
> Arrival-Date: Fri, 9 Dec 2005 10:43:48 GMT
>
> Final-Recipient: RFC822; fredsanders@mail.com
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; mail-com.mr.outblaze.com
> Diagnostic-Code: SMTP; 550 <fredsanders@mail.com>: No thank you
> rejected: Account Unavailable: Possible Forgery
> Last-Attempt-Date: Fri, 9 Dec 2005 10:45:38 GMT
>
> --KAA28086.1134125138/www.mydomain.com
> Content-Type: message/rfc822
>
> Return-Path: <Majordomo-Owner@www.mydomain.com>
> Received: (from mail@localhost)
> by www.mydomain.com (8.9.3/8.9.3) id KAA28084;
> Fri, 9 Dec 2005 10:43:48 GMT
> Date: Fri, 9 Dec 2005 10:43:48 GMT
> Message-Id: <200512091043.KAA28084@www.mydomain.com>
> X-Authentication-Warning: www.mydomain.com: mail set sender to
> Majordomo-Owner@www.mydomain.com using -f
> To: fredsanders@mail.com
> From: Majordomo@www.mydomain.com
> Subject: Majordomo results: Re: look at your web site stats...
> Reply-To: Majordomo@www.mydomain.com
>
>
> Followed by SPAM email and the followed by:
>
> **** No valid commands found.
> **** Commands must be in message BODY, not in HEADER.
>
> **** Help for Majordomo@www.mydomain.com:
>
> ETC.
>
> ---------------end of email---------------
>
> I'm pretty sure I'm not spamming anyone?
>
> I just want to disabling majordomo without uninstall it, as I said
> before, it will probably break the RAQ interface if I do.
>
> Many thanks.
>
> Regards,
>
> C.Teton
>
----
Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Network and Systems Project Management and Installation and
Web Hosting.
Phone: 919-618-2557
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org
To have principles...
First have courage.. With principles comes integrity!!!
References:
|
|
