[OT?] strange /root/dead.letter file

Miguel Koren O'Brien de Lacy miguelk at KONSULTEX.COM.BR
Thu Feb 24 11:23:12 GMT 2005

I use tripwire to monitor file integrity. This morning it pointed to the 
existence of a dead.letter file in the /root directory, the ones I get 
when I abort a pine session. This file has the content of a typical spam 
email, directed outside our domains from outside our server. If I search 
the maillog for the message ID in the header I get this:

Feb 24 03:30:53 rivendell sendmail[32044]: j1O4Uftl032044: timeout 
waiting for input from 200-161-96-153.dsl.telesp.net.br during message 
Feb 24 03:30:53 rivendell sendmail[32044]: j1O4Uftl032044: 
from=<root at konsultex.com.br>, size=1398, class=0, nrcpts=1, 
msgid=<200502240430.j1O4Uftl032044 at rivendell.konsultex.com.br>, 
proto=SMTP, daemon=MTA, relay=200-161-96-153.dsl.telesp.net.br 
Feb 24 03:30:53 rivendell sendmail[32044]: j1O4Uftl032044: 
to=<root at konsultex.com.br>, delay=02:00:03, pri=30170, stat=timeout 
waiting for input during message collect

Since this is definitely not a time when anyone on this server would be 
using pine, especially as root. Is it possible that Mailscanner causes 
this? To me it looks like a relay attempt that was blocked by sendmail 
itself. But why would it generate a dead.letter file?


Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list