connection refused by 127.0.0.1

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Tue May 16 20:02:44 IST 2006 

It was pre-MailScanner days.  Can't remember what I was running back
then, but it was a lot dumber than sendmail and MailScanner.  Anyway,
the message came in, and the system either was replying to an unknown
user, or was bouncing spam - can't remember which.  Seems like back in
those days there was a lot less forging going on and a lot more spam
bouncing.  Anyway, the system got the mail, decided to return it,
replying to spammer at funkydomain.com.  funkydomain.com's MX resolved to
127.0.0.1, so the braindead system I was running contacted itself,
accepted the mail, noticed that it didn't have a valid user named
spammer at funkydomain.com so sent an NDR, which went to itself, it replied
again, etc.  Eventually it ran out of disk space.  It was really obvious
what the domain name was as all the messages were addressed to it.
Kinda funny looking back at it.

I just pulled the network cable, cleaned out the queues, blacklisted the
sending domain and restarted.  It wasn't long after that that I began
looking around for a new system!  After I sent my reply yesterday I got
to thinking that this probably wasn't your trouble, as modern MTAs are
smarter than that and will detect a mail loop after a few iterations.

FWIW, the offending domain was demolish.com (managed by
bluegravity.com), and nomail.bluegravity.com.  Doing a quick dig in Sam
Spade shows that nomail.bluegravity.com is still blackholed.  They've
earned a permanent blacklisting in my access file:

Dig nomail.bluegravity.com at ns2.bluegravity.com (64.57.64.3) ...
 Query for nomail.bluegravity.com type=255 class=1
  nomail.bluegravity.com A (Address) 127.0.0.1
  bluegravity.com NS (Nameserver) ns1.bluegravity.com
  bluegravity.com NS (Nameserver) ns2.bluegravity.com
  ns1.bluegravity.com A (Address) 64.57.64.2
  ns2.bluegravity.com A (Address) 64.57.64.3

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
 
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of JD
Doelitzsch
Sent: Tuesday, May 16, 2006 10:24 AM
To: MailScanner discussion
Subject: RE: connection refused by 127.0.0.1

Wow thats pretty interesting, how did you find that out?? did you have
to go
to all of the domains listed in the messages?

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Kevin
Miller
Sent: Monday, May 15, 2006 1:25 PM
To: MailScanner discussion
Subject: RE: connection refused by 127.0.0.1


JD Doelitzsch wrote:
> Im getting alot of messages filling up my logs with status deferred
> connection refused by 127.0.0.1 why would MS send to its loopback?
> and why wouldn't it accept it?
>
> -JD

Don't know if it's the case here, but check the domain.  I had a case
some time ago where the spammer had a MX records in their DNS that
resolved to 127.0.0.1 so any reply mail/bounces, etc. would never leave
the server.  Pretty sleazy.  I blacklisted the domain in sendmail's
access table.  May be something similar going on here...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list