SYSERR(root): MX

on 21.11.2007 07:22:41 by Paul Aviles

Hello guys, I have a weird one. I have a server that is getting hit by spam
somehow. The error I got is that SYSERR(root) MX for the alleged sending
domain points back to my server domain which is not the case. I have no
entries in my DNS for tomail.com.tw. Any ideas how this could be happening?

Nov 21 01:16:40 msi sendmail[12222]: lAL6GeuJ012222: Milter: no active
filter
Nov 21 01:16:44 msi sendmail[12238]: NOQUEUE: connect from
mailfilter2.tellurian.net [216.182.1.66]
Nov 21 01:16:48 msi sendmail[12222]: lAL6GeuJ012222:
from=, size=2627, class=0, nrcpts=14,
msgid=, bodytype=8BITMIME, proto=SMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: SYSERR(root): MX list
for tomail.com.tw. points back to msi.mydomain.com
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222:
to=,,,,,,,,,,,,,,
delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=512627,
relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: alias postmaster =>
root
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: alias root => admin
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: lAL6GouJ012274: DSN:
Local configuration error

Regards,
bl

Re: SYSERR(root): MX list for .. points back to

on 21.11.2007 07:36:33 by bluelinq

Here is another one, this one is supposed to come from 127.0.0.1 which I
cannot find out how.

Nov 21 01:28:50 msi sendmail[14901]: lAL6SouI014901: Milter: no active
filter
Nov 21 01:28:54 msi sendmail[14901]: lAL6SouI014901:
from=, size=2007, class=0, nrcpts=1,
msgid=<200711210628.lAL6SouI014901@msi.msi.mydomain.com>, bodytype=8BITMIME,
proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: SYSERR(root): MX list
for tomail.com.tw. points back to msi.msi.mydomain.com
Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901:
to=, delay=00:00:03, xdelay=00:00:02, mailer=esmtp,
pri=122007, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: alias postmaster =>
root
Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: alias root => admin
Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: lAL6SuuI014916: DSN:
Local configuration error

Regards,
bl

> Hello guys, I have a weird one. I have a server that is getting hit by
> spam somehow. The error I got is that SYSERR(root) MX for the alleged
> sending domain points back to my server domain which is not the case. I
> have no entries in my DNS for tomail.com.tw. Any ideas how this could be
> happening?
>
> Nov 21 01:16:40 msi sendmail[12222]: lAL6GeuJ012222: Milter: no active
> filter
> Nov 21 01:16:44 msi sendmail[12238]: NOQUEUE: connect from
> mailfilter2.tellurian.net [216.182.1.66]
> Nov 21 01:16:48 msi sendmail[12222]: lAL6GeuJ012222:
> from=, size=2627, class=0, nrcpts=14,
> msgid=, bodytype=8BITMIME, proto=SMTP,
> daemon=MTA, relay=localhost [127.0.0.1]
> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: SYSERR(root): MX list
> for tomail.com.tw. points back to msi.mydomain.com
> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222:
> to=,,,,,,,,,,,,,,
> delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=512627,
> relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: alias postmaster =>
> root
> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: alias root => admin
> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: lAL6GouJ012274: DSN:
> Local configuration error
>
> Regards,
> bl

Re: SYSERR(root): MX list for .. points back to

on 21.11.2007 13:57:46 by jstewart

In writes:

>Here is another one, this one is supposed to come from 127.0.0.1 which I
>cannot find out how.

127.0.0.1 is the loopback interface on your mail server. The message you see
is entirely accurate -- when your mail server resolves tomail.com.tw it sees
that it has been told to connect to itself via the loopback interface.
Spammers know they need to have a legitimate domain on the return address but
they don't actually want to receive any mail replies so they set up the MX
record for the domain they are using to reference the 127.0.0.1 loopback
address.

>Nov 21 01:28:50 msi sendmail[14901]: lAL6SouI014901: Milter: no active
>filter
>Nov 21 01:28:54 msi sendmail[14901]: lAL6SouI014901:
>from=, size=2007, class=0, nrcpts=1,
>msgid=<200711210628.lAL6SouI014901@msi.msi.mydomain.com>, bodytype=8BITMIME,
>proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
>Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: SYSERR(root): MX list
>for tomail.com.tw. points back to msi.msi.mydomain.com
>Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901:
>to=, delay=00:00:03, xdelay=00:00:02, mailer=esmtp,
>pri=122007, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
>Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: alias postmaster =>
>root
>Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: alias root => admin
>Nov 21 01:28:56 msi sendmail[14916]: lAL6SouI014901: lAL6SuuI014916: DSN:
>Local configuration error

>Regards,
>bl

>> Hello guys, I have a weird one. I have a server that is getting hit by
>> spam somehow. The error I got is that SYSERR(root) MX for the alleged
>> sending domain points back to my server domain which is not the case. I
>> have no entries in my DNS for tomail.com.tw. Any ideas how this could be
>> happening?
>>
>> Nov 21 01:16:40 msi sendmail[12222]: lAL6GeuJ012222: Milter: no active
>> filter
>> Nov 21 01:16:44 msi sendmail[12238]: NOQUEUE: connect from
>> mailfilter2.tellurian.net [216.182.1.66]
>> Nov 21 01:16:48 msi sendmail[12222]: lAL6GeuJ012222:
>> from=, size=2627, class=0, nrcpts=14,
>> msgid=, bodytype=8BITMIME, proto=SMTP,
>> daemon=MTA, relay=localhost [127.0.0.1]
>> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: SYSERR(root): MX list
>> for tomail.com.tw. points back to msi.mydomain.com
>> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222:
>> to=,,,,,,,,,,,,,,
>> delay=00:00:07, xdelay=00:00:02, mailer=esmtp, pri=512627,
>> relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
>> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: alias postmaster =>
>> root
>> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: alias root => admin
>> Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: lAL6GouJ012274: DSN:
>> Local configuration error
>>
>> Regards,
>> bl


--
John Stewart -- Computing and Communications Services, Carleton University
Internet: jstewart@connect.carleton.ca 613-520-2600x3707
"Take time to stop and pick the blueberries."

Re: SYSERR(root): MX list for .. points back to

on 22.11.2007 09:03:29 by spam

"John A. Stewart" wrote in message
news:fi1a0a$3fu$1@driftwood.ccs.carleton.ca...
> In writes:
> >Here is another one, this one is supposed to come from 127.0.0.1 which I
> >cannot find out how.
>
> 127.0.0.1 is the loopback interface on your mail server. The message you see
> is entirely accurate -- when your mail server resolves tomail.com.tw it sees
> that it has been told to connect to itself via the loopback interface.
> Spammers know they need to have a legitimate domain on the return address but
> they don't actually want to receive any mail replies so they set up the MX
> record for the domain they are using to reference the 127.0.0.1 loopback
> address.

Note that spamming isn't the only use of a loopbacked MX record.

It has a legitimate use: To deny outside mail from being received on hosts that
have to run a mail server to deliver locally generated mail to other hosts such
as cron job output, webmail forms, and various status reports. Firewalling off
port 25 from outside IPs still incurs the cost of the incoming packets hitting
the firewall, and for those who get charged based on bandwidth used, preventing
mail from being sent in the first place is what is really needed. "hostname IN
MX 0 localhost" accomplishes this.
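
Added example, not part of any post in this thread: a Python sketch that scans sendmail log entries in the layout quoted above, picks out the "MX list for ... points back to" errors, and joins each one to the from= entry with the same queue ID to show which relay handed the message in. The log sample is constructed (addresses are placeholders) and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log excerpts quoted in this thread,
# one entry per line. Sender and recipient addresses are placeholders.
SAMPLE_LOG = """\
Nov 21 01:16:44 msi sendmail[12238]: NOQUEUE: connect from mailfilter2.tellurian.net [216.182.1.66]
Nov 21 01:16:48 msi sendmail[12222]: lAL6GeuJ012222: from=<a@example.invalid>, size=2627, class=0, nrcpts=14, proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: SYSERR(root): MX list for tomail.com.tw. points back to msi.mydomain.com
Nov 21 01:16:50 msi sendmail[12274]: lAL6GeuJ012222: to=<b@tomail.com.tw>, delay=00:00:07, mailer=esmtp, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
Nov 21 01:20:01 msi sendmail[13001]: lAL6K1xx013001: from=<c@example.invalid>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Nov 21 01:20:03 msi sendmail[13002]: lAL6K1xx013001: to=<d@example.org>, delay=00:00:02, mailer=esmtp, relay=mail.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
LOOP = re.compile(r"SYSERR\(\w+\): MX list for (?P<domain>\S+?)\.? points back to (?P<host>\S+)")
RELAY = re.compile(r"relay=(?P<relay>[^,]+)")


def mx_loopback_report(log_text):
    """Group 'MX list ... points back to' errors by recipient domain."""
    submitted_via = {}   # queue ID -> relay named on the from= entry
    loops = []           # (queue ID, domain, host sendmail identified as itself)
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry.group("qid"), entry.group("rest")
        if rest.startswith("from="):
            relay = RELAY.search(rest)
            submitted_via[qid] = relay.group("relay").strip() if relay else "unknown"
        else:
            loop = LOOP.search(rest)
            if loop:
                loops.append((qid, loop.group("domain"), loop.group("host")))

    # Join after the scan so the result does not depend on entry order.
    report = defaultdict(lambda: {"points_back_to": None, "messages": 0, "submitted_via": set()})
    for qid, domain, host in loops:
        row = report[domain]
        row["points_back_to"] = host
        row["messages"] += 1
        row["submitted_via"].add(submitted_via.get(qid, "unknown"))
    return {d: {**r, "submitted_via": sorted(r["submitted_via"])} for d, r in report.items()}


if __name__ == "__main__":
    for domain, row in mx_loopback_report(SAMPLE_LOG).items():
        print(domain, row)
```

Real syslog files may wrap or prefix entries differently from the sample, so the ENTRY pattern is the part to adapt first.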