Hi,

Environment: Sendmail 8.13.8, RedHat Linux

Recently we've been seeing messages that have a from address of a dot.

I think it's probably a misconfiguration on our server -- does anyone
have any experience in dealing with this ? If so, could you please
offer some advice as to how to deal with this ?

from mailq:
/var/spool/mqueue (34 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/
Recipient-----------
l3L3sTgZ027671 13177 Fri Apr 20 23:54 MAILER-DAEMON
(Deferred: 421 Message from (128.100.132.55)
temporarily defe)
<.@yohayassociates.com>
l3L3PFS8012926 13789 Fri Apr 20 23:25 MAILER-DAEMON
(Deferred: Connection refused by northern-tech.com.)
<.@northern-tech.com>
l3L2pCkp027492 13575 Fri Apr 20 22:51 MAILER-DAEMON
(Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address reje)
<.@embelton.com>


>From the message:
Return-Path: <.@yohayassociates.com>

Any thoughts is very much appreciated.

Thanks!

In news:1177132092.703714.180000@y5g2000hsa.googlegro ups.com,
d <d3yuen@gmail.com> wrote:

> Recently we've been seeing messages that have a from address of a dot.
>
> I think it's probably a misconfiguration on our server -- does anyone
> have any experience in dealing with this ? If so, could you please
> offer some advice as to how to deal with this ?
>
> from mailq:
> /var/spool/mqueue (34 requests)
> -----Q-ID----- --Size-- -----Q-Time----- ------------Sender/
> Recipient-----------
> l3L3sTgZ027671 13177 Fri Apr 20 23:54 MAILER-DAEMON
> (Deferred: 421 Message from (128.100.132.55)
> temporarily defe)
> <.@yohayassociates.com>
> l3L3PFS8012926 13789 Fri Apr 20 23:25 MAILER-DAEMON
> (Deferred: Connection refused by northern-tech.com.)
> <.@northern-tech.com>
> l3L2pCkp027492 13575 Fri Apr 20 22:51 MAILER-DAEMON
> (Deferred: 450 4.7.1 <.@embelton.com>: Recipient
> address reje)
> <.@embelton.com>
>
>
>> From the message:
> Return-Path: <.@yohayassociates.com>
>
> Any thoughts is very much appreciated.

Copy and paste this (wrapped) command; please post the results of:

egrep -v "l3L2pCkp027492|l3L3PFS8012926|l3L3sTgZ027671" \
`awk '/^mail\./ {print $2}' /etc/syslog.conf `

so that you can see what the logfile states about the matter.

In news:58tnk0F2hl4rbU1@mid.individual.net,
patrick <pt,ri.c.k@stratrev.corn> wrote:

> Copy and paste this (wrapped) command; please post the results of:
>
> egrep -v "l3L2pCkp027492|l3L3PFS8012926|l3L3sTgZ027671" \
> `awk '/^mail\./ {print $2}' /etc/syslog.conf `
>
> so that you can see what the logfile states about the matter.

Should be:

egrep "l3L2pCkp027492|l3L3PFS8012926|l3L3sTgZ027671" \
`awk '/^mail\./ {print $2}' /etc/syslog.conf `

On Apr 21, 2:02 am, "patrick" <pt,ri....@stratrev.corn> wrote:
> Innews:58tnk0F2hl4rbU1@mid.individual.net,
>
> patrick <pt,ri....@stratrev.corn> wrote:
> > Copy and paste this (wrapped) command; please post the results of:
>
> > egrep -v "l3L2pCkp027492|l3L3PFS8012926|l3L3sTgZ027671" \
> > `awk '/^mail\./ {print $2}' /etc/syslog.conf `
>
> > so that you can see what the logfile states about the matter.
>
> Should be:
>
> egrep "l3L2pCkp027492|l3L3PFS8012926|l3L3sTgZ027671" \
> `awk '/^mail\./ {print $2}' /etc/syslog.conf `

Hi,


Thanks for the quick reply! I'm a little slow today -- I thought of
posting log entries, only after I clicked send.

Here are the log entries ... Any thoughts are very much appreciated!

Apr 20 22:51:12 mailserver sendmail[27492]: l3L2p8kp027467:
l3L2pCkp027492: DSN: Data format error
Apr 20 22:51:12 mailserver sendmail[27492]: l3L2pCkp027492:
to=<.@embelton.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
pri=43268, relay=filter1.embelt-1.mailguard.com.au. [70.86.21.242],
dsn=4.4.5, stat=Deferred: 451 4.4.5 <.@embelton.com>: Recipient
address rejected: Too much incorrectly addressed email for this
domain, try again shortly
Apr 20 22:51:13 mailserver sendmail[27492]: l3L2pCkp027492:
to=<.@embelton.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
pri=43268, relay=filter2.embelt-1.mailguard.com.au. [67.15.42.51],
dsn=4.4.5, stat=Deferred: 451 4.4.5 <.@embelton.com>: Recipient
address rejected: Too much incorrectly addressed email for this
domain, try again shortly
Apr 20 22:51:13 mailserver sendmail[27492]: l3L2pCkp027492:
to=<.@embelton.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
pri=43268, relay=filter3.embelt-1.mailguard.com.au. [74.52.56.178],
dsn=4.4.5, stat=Deferred: 451 4.4.5 <.@embelton.com>: Recipient
address rejected: Too much incorrectly addressed email for this
domain, try again shortly
Apr 20 23:11:17 mailserver sendmail[5729]: l3L2pCkp027492:
to=<.@embelton.com>, delay=00:20:05, xdelay=00:00:01, mailer=esmtp,
pri=133268, relay=filter1.embelt-1.mailguard.com.au. [74.52.162.178],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 20 23:11:18 mailserver sendmail[5729]: l3L2pCkp027492:
to=<.@embelton.com>, delay=00:20:06, xdelay=00:00:02, mailer=esmtp,
pri=133268, relay=filter2.embelt-1.mailguard.com.au. [67.15.24.9],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 20 23:11:18 mailserver sendmail[5729]: l3L2pCkp027492:
to=<.@embelton.com>, delay=00:20:06, xdelay=00:00:02, mailer=esmtp,
pri=133268, relay=filter3.embelt-1.mailguard.com.au. [74.52.56.178],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 20 23:25:15 mailserver sendmail[12926]: l3L3PDS8012914:
l3L3PFS8012926: DSN: Data format error
Apr 20 23:25:31 mailserver sendmail[12926]: l3L3PFS8012926:
to=<.@northern-tech.com>, delay=00:00:16, xdelay=00:00:16,
mailer=esmtp, pri=43462, relay=northern-tech.com. [205.203.240.10],
dsn=4.0.0, stat=Deferred: Connection refused by northern-tech.com.
Apr 20 23:54:29 mailserver sendmail[27671]: l3L3sRgZ027662:
l3L3sTgZ027671: DSN: Data format error
Apr 20 23:54:30 mailserver sendmail[27671]: l3L3sTgZ027671:
to=<.@yohayassociates.com>, delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=42899, relay=mx5.biz.mail.yahoo.com.
[68.142.224.244], dsn=4.0.0, stat=Deferred: 421 Message from
(128.100.132.55) temporarily deferred - 4.16.50. Please refer to
http://.yahoo.com//us/mail/defer/defer-06.html
Apr 21 00:11:16 mailserver sendmail[4250]: l3L3sTgZ027671:
to=<.@yohayassociates.com>, delay=00:16:47, xdelay=00:00:00,
mailer=esmtp, pri=132899, relay=mx1.biz.mail.yahoo.com.
[67.28.113.136], dsn=5.1.1, stat=User unknown
Apr 21 00:11:16 mailserver sendmail[4250]: l3L3sTgZ027671:
l3L4BGpJ004250: return to sender: User unknown
Apr 21 00:11:24 mailserver sendmail[4250]: l3L3PFS8012926:
to=<.@northern-tech.com>, delay=00:46:09, xdelay=00:00:08,
mailer=esmtp, pri=133462, relay=northern-tech.com. [205.203.240.10],
dsn=4.0.0, stat=Deferred: Connection refused by northern-tech.com.
Apr 21 00:11:25 mailserver sendmail[4250]: l3L2pCkp027492:
to=<.@embelton.com>, delay=01:20:13, xdelay=00:00:01, mailer=esmtp,
pri=223268, relay=filter1.embelt-1.mailguard.com.au. [69.16.232.181],
dsn=4.4.5, stat=Deferred: 451 4.4.5 <.@embelton.com>: Recipient
address rejected: Too much incorrectly addressed email for this
domain, try again shortly
Apr 21 00:11:25 mailserver sendmail[4250]: l3L2pCkp027492:
to=<.@embelton.com>, delay=01:20:13, xdelay=00:00:01, mailer=esmtp,
pri=223268, relay=filter2.embelt-1.mailguard.com.au. [67.15.42.51],
dsn=4.4.5, stat=Deferred: 451 4.4.5 <.@embelton.com>: Recipient
address rejected: Too much incorrectly addressed email for this
domain, try again shortly
Apr 21 00:11:26 mailserver sendmail[4250]: l3L2pCkp027492:
to=<.@embelton.com>, delay=01:20:14, xdelay=00:00:02, mailer=esmtp,
pri=223268, relay=filter3.embelt-1.mailguard.com.au. [74.52.56.178],
dsn=4.4.5, stat=Deferred: 451 4.4.5 <.@embelton.com>: Recipient
address rejected: Too much incorrectly addressed email for this
domain, try again shortly
Apr 21 01:11:52 mailserver sendmail[3527]: l3L3PFS8012926:
to=<.@northern-tech.com>, delay=01:46:37, xdelay=00:00:08,
mailer=esmtp, pri=223462, relay=northern-tech.com. [205.203.240.10],
dsn=4.0.0, stat=Deferred: Connection refused by northern-tech.com.
Apr 21 01:11:55 mailserver sendmail[3527]: l3L2pCkp027492:
to=<.@embelton.com>, delay=02:20:43, xdelay=00:00:02, mailer=esmtp,
pri=313268, relay=filter1.embelt-1.mailguard.com.au. [69.16.232.177],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 21 01:11:55 mailserver sendmail[3527]: l3L2pCkp027492:
to=<.@embelton.com>, delay=02:20:43, xdelay=00:00:02, mailer=esmtp,
pri=313268, relay=filter2.embelt-1.mailguard.com.au. [67.15.24.9],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 21 01:11:56 mailserver sendmail[3527]: l3L2pCkp027492:
to=<.@embelton.com>, delay=02:20:44, xdelay=00:00:03, mailer=esmtp,
pri=313268, relay=filter3.embelt-1.mailguard.com.au. [74.52.56.178],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 21 02:12:28 mailserver sendmail[1673]: l3L3PFS8012926:
to=<.@northern-tech.com>, delay=02:47:13, xdelay=00:00:08,
mailer=esmtp, pri=313462, relay=northern-tech.com. [205.203.240.10],
dsn=4.0.0, stat=Deferred: Connection refused by northern-tech.com.
Apr 21 02:12:29 mailserver sendmail[1673]: l3L2pCkp027492:
to=<.@embelton.com>, delay=03:21:17, xdelay=00:00:01, mailer=esmtp,
pri=403268, relay=filter1.embelt-1.mailguard.com.au. [70.86.21.242],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 21 02:12:30 mailserver sendmail[1673]: l3L2pCkp027492:
to=<.@embelton.com>, delay=03:21:18, xdelay=00:00:02, mailer=esmtp,
pri=403268, relay=filter2.embelt-1.mailguard.com.au. [67.15.24.9],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable
Apr 21 02:12:30 mailserver sendmail[1673]: l3L2pCkp027492:
to=<.@embelton.com>, delay=03:21:18, xdelay=00:00:02, mailer=esmtp,
pri=403268, relay=filter3.embelt-1.mailguard.com.au. [74.52.56.178],
dsn=4.7.1, stat=Deferred: 450 4.7.1 <.@embelton.com>: Recipient
address rejected: Service is unavailable


Thank you very much!
-d

d schrieb:
> Recently we've been seeing messages that have a from address of a dot.
>
> I think it's probably a misconfiguration on our server -- does anyone
> have any experience in dealing with this ? If so, could you please
> offer some advice as to how to deal with this ?

I'm seeing rather a lot of this too recently, but every instance I
investigated was SPAM with an obviously forged sender address. Looks
like some spambot out there is building sender addresses for its manure
by prefixing existing domain names with ".@".

--
Tilman Schmidt t.schmidt@phoenixsoftware.de
Phoenix Software GmbH www.phoenixsoftware.de
Adolf-Hombitzer-Str. 12 Amtsgericht Bonn HRB 2934
53227 Bonn, Germany Geschäftsführer: W. Grießl