Re: Someone is probing me thru sendmail?

From: "Reuben D. Budiardja" <techlist@xxxxxxxxxxxxxxxxxxxx>
> Hi all,
> I'm wondering if someone can help me interpret this. I got lots of this in my
> maillog:
> ..
> 1958:Jan 27 05:52:03 voyager sendmail[13700]: i0RAq3413700:
> <peter@xxxxxxxxxxxxxxxxxxxx>... User unknown
> 1962:Jan 27 06:01:10 voyager sendmail[13758]: i0RB19413758:
> <sandra@xxxxxxxxxxxxxxxxxxxx>... User unknown
> 1969:Jan 27 06:08:46 voyager sendmail[13808]: i0RB8j413808:
> <ray@xxxxxxxxxxxxxxxxxxxx>... User unknown
> ..
>
> and (sometimes) correspondingly in the next line the following also exist:
>
> jan 27 05:36:58 voyager sendmail[13585]: i0RAaw413585: lost input channel from
> adsl-66-73-195-63.dsl.chcgil.ameritech.net [66.73.195.63] to MTA after rcpt
> Jan 27 05:36:58 voyager sendmail[13585]: i0RAaw413585:
> from=<ruiglopes@xxxxxxxxxxxxxxxx>, size=0, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=adsl-66-73-195-63.dsl.chcgil.ameritech.net [66.73.195.63]
> Jan 27 05:38:30 voyager sendmail[13590]: i0RAcU413590: lost input channel from
> adsl-66-73-195-63.dsl.chcgil.ameritech.net [66.73.195.63] to MTA after rcpt
> Jan 27 05:38:30 voyager sendmail[13590]: i0RAcU413590:
>
> What does the "lost input channel" mean? Does this mean someone is trying to
> probe what users exist on my server? Should I be worried?
>
> I just noticed this also happens on my other machine. One of the emails got thru
> and I received mail that contains file.zip and document.zip. I looked at the
> header and it looks like it's from 66.73.195.63, although I know it can be
> forged.

This sounds like the mydoom worm:

http://vil.nai.com/vil/content/v_100983.htm

I don't know about the lost input channel, but the file names and account
names match up.

Ben
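
Added example, not part of the original thread: a small Python summarizer that groups "User unknown" rejections and "lost input channel" drops by connecting IP, using the sendmail queue ID (the field after the PID) to tie together the lines of one SMTP session. The sample log is constructed (made-up hosts, addresses and queue IDs in the format quoted above), and the threshold of 3 distinct unknown recipients is an assumed value to tune locally.

```python
import re
from collections import defaultdict

# Constructed sample in the quoted maillog format; all values are made up.
SAMPLE_LOG = """\
Jan 27 05:36:50 voyager sendmail[13585]: i0RAaw413585: <peter@example.com>... User unknown
Jan 27 05:36:58 voyager sendmail[13585]: i0RAaw413585: lost input channel from host-a.example.net [192.0.2.63] to MTA after rcpt
Jan 27 05:36:58 voyager sendmail[13585]: i0RAaw413585: from=<x@example.org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=host-a.example.net [192.0.2.63]
Jan 27 05:38:21 voyager sendmail[13590]: i0RAcU413590: <sandra@example.com>... User unknown
Jan 27 05:38:22 voyager sendmail[13590]: i0RAcU413590: <ray@example.com>... User unknown
Jan 27 05:38:30 voyager sendmail[13590]: i0RAcU413590: from=<y@example.org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=host-a.example.net [192.0.2.63]
Jan 27 06:10:02 voyager sendmail[13900]: i0RBA2413900: <typo@example.com>... User unknown
Jan 27 06:10:03 voyager sendmail[13900]: i0RBA2413900: from=<z@example.org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
UNKNOWN = re.compile(r"^<(?P<rcpt>[^>]*)>\.\.\. User unknown")
RELAY_IP = re.compile(r"relay=.*\[(?P<ip>[0-9a-fA-F.:]+)\]")
LOST_IP = re.compile(r"^lost input channel from .*\[(?P<ip>[0-9a-fA-F.:]+)\]")

def summarize(log_text):
    """Group rejected recipients and dropped sessions by connecting IP."""
    unknown_by_qid, ip_by_qid, dropped = defaultdict(set), {}, set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, msg = m.group("qid"), m.group("msg")
        if (u := UNKNOWN.match(msg)):
            unknown_by_qid[qid].add(u.group("rcpt").lower())
        elif (lost := LOST_IP.match(msg)):
            dropped.add(qid)
            ip_by_qid[qid] = lost.group("ip")
        elif (r := RELAY_IP.search(msg)):
            ip_by_qid[qid] = r.group("ip")
    report = defaultdict(lambda: {"unknown": set(), "dropped": 0, "sessions": 0})
    for qid, ip in ip_by_qid.items():  # queue ID joins a session's lines
        entry = report[ip]
        entry["sessions"] += 1
        entry["dropped"] += qid in dropped
        entry["unknown"] |= unknown_by_qid.get(qid, set())
    return dict(report)

def suspects(report, min_unknown=3):  # threshold is an assumed value
    """IPs that tried at least min_unknown distinct nonexistent recipients."""
    return sorted(ip for ip, e in report.items() if len(e["unknown"]) >= min_unknown)

if __name__ == "__main__":
    print(suspects(summarize(SAMPLE_LOG)))
```

A single mistyped address from a legitimate relay stays below the threshold, while one host guessing several common names across sessions is listed.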

