Disregard this. Someone has been forging my domain into their e-mails; the below are just bounces from someone sending mail to suse with my domain from fake addresses. I hate spammers.

Quoting suse@rio.vg:
Over the past two days, one of my servers has been getting connections from ns.suse.de attempting to send mail to strange addresses in my domain.
For instance:

Mar 11 09:56:38 shadow postfix/smtpd[17219]: connect from ns.suse.de[195.135.220.2]
Mar 11 09:56:38 shadow postfix/smtpd[17219]: 9AED41E4F2: client=ns.suse.de[195.135.220.2]
Mar 11 09:56:39 shadow postfix/smtpd[17219]: 9AED41E4F2: reject: RCPT from ns.suse.de[195.135.220.2]: 450 <20040203131322.ckkgoccks8owc80s@rio.vg>: User unknown in local recipient table; from=<> to=<20040203131322.ckkgoccks8owc80s@rio.vg> proto=ESMTP helo=<Cantor.suse.de>
Mar 11 09:56:41 shadow postfix/smtpd[17219]: disconnect from ns.suse.de[195.135.220.2]
As "ns.x.x" is generally the nameserver, I assume that SuSE would be running Linux on such a server. Over the past two days, I have received over a dozen of these attempts.
I've sent an e-mail to security@suse.com and abuse@suse.com, but I thought it might be wise to also give a heads up to the list.
Is anyone else getting these connections? Has ns.suse.de been owned by nefarious parties? Or is this some new exploit in Postfix or even a Linux worm?
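Added example, not part of the original message: a Python sketch that picks the pattern described above out of a Postfix log, namely rejected RCPTs that carry the null sender (from=<>, the envelope sender bounces use) and target unknown local users, counted per connecting host. The second log entry and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Reject line quoted in the message above (Postfix smtpd, syslog format).
LOG_FROM_MESSAGE = (
    "Mar 11 09:56:39 shadow postfix/smtpd[17219]: 9AED41E4F2: reject: RCPT from "
    "ns.suse.de[195.135.220.2]: 450 <20040203131322.ckkgoccks8owc80s@rio.vg>: "
    "User unknown in local recipient table; from=<> "
    "to=<20040203131322.ckkgoccks8owc80s@rio.vg> proto=ESMTP helo=<Cantor.suse.de>\n"
)
# Constructed contrast line: same rejection, but with a real envelope sender,
# so it is an ordinary misaddressed mail and not a bounce.
LOG_CONSTRUCTED = (
    "Mar 11 10:02:10 shadow postfix/smtpd[17301]: 1B2C3D4E5F: reject: RCPT from "
    "mail.example.net[192.0.2.10]: 450 <nobody@rio.vg>: "
    "User unknown in local recipient table; from=<someone@example.net> "
    "to=<nobody@rio.vg> proto=ESMTP helo=<mail.example.net>\n"
)

REJECT = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) "
    r".*?User unknown.*?from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def find_backscatter(log_text):
    """Return rejected RCPTs to unknown users whose envelope sender is empty.

    An empty sender marks a bounce. A bounce addressed to a mailbox that never
    existed here means some earlier mail used a made-up address in this domain
    as its sender, which is the situation the message describes.
    """
    hits = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m and m.group("sender") == "":
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count suspected backscatter rejections per (hostname, IP) of the client."""
    return Counter((h["host"], h["ip"]) for h in hits)

if __name__ == "__main__":
    for (host, ip), n in summarize(
        find_backscatter(LOG_FROM_MESSAGE + LOG_CONSTRUCTED)
    ).items():
        print(f"{host} [{ip}]: {n} bounce(s) to unknown recipients")
```

A host that shows up here is a legitimate mail server returning bounces for mail it received with a forged sender, so the count measures the forgery volume rather than a compromise of that host.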