[exim] Strange rejectlog entries?

Author: Sander Smeenk
Date:  
To: exim-users
Subject: [exim] Strange rejectlog entries?
Hello everyone,

I'm seeing strange rejectlog entries in my exim 4.50 rejectlogs on
FreeBSD 4.10, and I was wondering if anyone has seen this before, or
knows what might cause this, because I'm at a loss right now...

| 2005-03-22 19:30:29 SMTP protocol violation:
| synchronization error (input sent without waiting for greeting):
| rejected connection from H=jproxy.google.com [216.239.56.206]:9971
| I=[xx.xx.xx.xx]:25 input="# $FreeBSD: src/etc/group,v 1.19.2.3
| 2002/06/30 17:57:17 des Exp $\n#\nwheel:*:0:root,ssmeenk [..] "


| 2005-03-21 16:24:36 SMTP protocol violation:
| synchronization error (input sent without waiting for greeting):
| rejected connection from H=host213-122-131-26.in-addr.btopenworld.com
| [213.122.131.26]:4402 I=[xx.xx.xx.xx]:25 input="# $FreeBSD:
| src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp
| $\n#\nwheel:*:0:root,ssmeenk [..] "


As you can see, a totally unrelated computer on the internet connects to
a primary MX and sends me my own /etc/group file. Which kind of scares
me, since I have absolutely *NO* clue how they got my /etc/group file in
the first place. (And /etc/group seems like the least interesting file
to be stealing/playing with if you were a cracker).

Thing is, it's not one host doing this:
    H=jproxy.google.com [216.239.56.206]:9971
    H=host213-122-131-26.in-addr.btopenworld.com [213.122.131.26]:4402
    H=jproxy.google.com [216.239.56.200]:4807
    H=jproxy.google.com [216.239.56.192]:47531
    H=139-80-246-201.adsl.terra.cl [201.246.80.139]:4414
    H=155.red-81-35-116.pooles.rima-tde.net [81.35.116.155]:3468
    H=[203.128.18.176]:3660


Has anyone seen this before?
Any ideas on what might cause this?
Can anyone shed light on what 'jproxy.google.com' is?

System is running:
    - FreeBSD 4.10
    - Exim 4.50
    - SpamAssassin 3.0.2 by Exiscan
    - ClamAV 0.83 by Exiscan


Thanks!

Kind regards,
Sander.
--
| > Because it messes up the order in which people normally read text.
| > > Why is top-posting such a bad thing?
| > > > Top-posting.
| > > > > What is the most annoying thing on usenet and in email?
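
An added example, not part of the original post or of Exim: a Python script that parses rejectlog entries of the kind quoted above and reports pre-greeting payloads containing passwd/group-style records, with the distinct source addresses that sent each one. The sample log lines, host names and addresses are constructed, and the record-shape heuristic is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample entries in the rejectlog format quoted above, one per
# line as Exim writes them; hosts and addresses are documentation values.
SAMPLE_LOG = r'''
2005-03-22 19:30:29 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=proxy.example.net [192.0.2.10]:9971 I=[198.51.100.5]:25 input="# $FreeBSD: src/etc/group,v 1.19.2.3\n#\nwheel:*:0:root"
2005-03-21 16:24:36 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=dsl.example.org [192.0.2.77]:4402 I=[198.51.100.5]:25 input="# $FreeBSD: src/etc/group,v 1.19.2.3\n#\nwheel:*:0:root"
2005-03-21 16:30:02 SMTP protocol violation: synchronization error (input sent without waiting for greeting): rejected connection from H=[203.0.113.9]:3660 I=[198.51.100.5]:25 input="HELO mail\r\nMAIL FROM:<a@example.com>\r\n"
2005-03-21 17:00:00 H=other.example.com [192.0.2.99] F=<x@example.com> rejected RCPT <y@example.net>: relay not permitted
'''

# Pre-greeting synchronization error: timestamp, optional host name, peer
# address and port, then the escaped bytes the client sent too early.
ENTRY = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP protocol violation: '
    r'synchronization error \(input sent without waiting for greeting\): '
    r'rejected connection from H=(?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\]'
    r'(?::(?P<port>\d+))? .*?input="(?P<input>.*)"\s*$')

# Heuristic (an assumption of this example): a passwd(5)/group(5)-shaped
# record, i.e. name:field:number: at the start of a line.
RECORD = re.compile(r'^[A-Za-z_][\w-]*:[^:]*:\d+:')

def summarize(log_text):
    """Map each early-input payload to the set of peer addresses sending it."""
    by_payload = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            by_payload[m['input']].add(m['ip'])
    return by_payload

def filelike_payloads(log_text):
    """Return payloads containing account-file records, with their sources."""
    hits = []
    for payload, ips in summarize(log_text).items():
        # Exim logs control characters escaped, so split on the literal "\n".
        if any(RECORD.match(part) for part in payload.split('\\n')):
            hits.append({'payload': payload, 'sources': sorted(ips)})
    return hits

if __name__ == '__main__':
    for hit in filelike_payloads(SAMPLE_LOG):
        print(len(hit['sources']), 'sources:', ', '.join(hit['sources']))
        print('  input:', hit['payload'][:60])
```

Run against a real rejectlog by passing the file's contents to `filelike_payloads`; the same payload arriving from several unrelated addresses is the pattern described in the post.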