[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vps-mail] sendmail log: collect: premature EOM: unexpected close

Subject: Re: [vps-mail] sendmail log: collect: premature EOM: unexpected close
From: Abigail Marshall <webmaster@xxxxxxxxxxxx>
Date: Sat, 23 Aug 2003 16:28:23 -0700

MF> <XX>Aug 23 14:39:06 sendmail[46073]: h7NCcwUI046073: collect: premature EOM: unexpected close
MF> <XX>Aug 23 14:39:06 sendmail[46073]: h7NCcwUI046073: collect: unexpected close on connection from boydsauc-adsl.adsl.esat.net,
MF> sender=<Rbrbill@xxxxxxx>
MF> <XX>Aug 23 14:39:06 sendmail[46073]: h7NCcwUI046073: from=<Rbrbill@xxxxxxx>, size=5, class=0, nrcpts=1, proto=ESMTP,
MF> relay=boydsauc-adsl.adsl.esat.net [193.120.95.118] (may be forged)
MF> <XX>Aug 23 14:41:38 sendmail[46606]: h7NCfYBa046606: collect: premature EOM: unexpected close

MF> In these days we notice a hugh number of log entrys
MF> shown above. Is this a new spamming technology?

This is the similar to the problem I was having, and I am
pretty sure that at least some was coming from Sobig
infected computers.

The reason why I think that is that I saw some (but not all)
of the emails showing up in the from= field for similar
entries in my messages file also showing up in my virus log,
so the same emails that caused these repeated (about 1700+
daily) sendmail entries also generated some apparently
Sobig-infected email.

This was resolved completely for me by following Bruce
Armstrong's suggestion, and denying SMTP access to these IPs
via the hosts.allow file. (If you have a VPS2 and don't have
the tcp wrapper, you can also REJECT via the Sendmail Access
file - same result).

It's possible that this could also be caused by normal
internet issues, so I wouldn't worry about it for just a
handful of entries. But if a grep shows that you are getting
repeated messages like this from the same IP, then the
REJECT/deny approach seems to be the best.  In any case, my
problem has gone away.

-Abigail

======================================================================
Technical questions regarding this list may be sent to
<vps-mail-owner@xxxxxxxxxxxx>. You may request an automated help
response by sending an email with the word 'help' (w/o quotes) in the
BODY of the message (subject is ignored) to <vps-mail-request@xxxxxxxxxxxx>.
======================================================================

References:
- [vps-mail] sendmail log: collect: premature EOM: unexpected close
  - From: Martin Fischer

Prev by Date: [vps-mail] sendmail log: collect: premature EOM: unexpected close
Next by Date: Re: [filtered-ww] [vps-mail] Issue re sendmail/ abuse (attempted relay????)
Previous by thread: [vps-mail] sendmail log: collect: premature EOM: unexpected close
Next by thread: Re: [filtered-ww] [vps-mail] Issue re sendmail/ abuse (attempted relay????)
Index(es):
- Date
- Thread

Main Index | Thread Index