LogWatch
Posted: Sat Nov 10, 2007 10:40 am
by JasonWarren
Hi,
I have been working through my LogWatch and wondered if some one could tell me what the following entry means:
Too many hops:
26 (25 max): from <0964yahoo.denn@t-online.de> via localhost, to </dev/null@mail.mydomain.com>: 2 Time(s)
Thanks,
Jason
Posted: Sat Nov 10, 2007 11:35 am
by jaime.pinto
This could be a mail forwarding loop (mail is being forwarded to another mailbox, but is being returned to that original box and the loop begins), which when it exceeds the max hop count returns to sender. For example, email from A it sent to B which is forwarded to C. C is bogus or no longer active on C's server, so mail bounces back to B, gets forwarded to C again and so on. Look up the maillog, and you might find the offender.
Posted: Wed Nov 14, 2007 4:26 am
by JasonWarren
Hi Jaime,
I guess I type maillog at the command line and look for an entry which corresponds with
0964yahoo.denn@t-online.de?
Please can you let me know what I should I expect to see? and how I would proceed?
Any further advise would be appreciated.
Regards,
Jason
Posted: Wed Nov 14, 2007 8:55 am
by jaime.pinto
I think you could just send a test email to
0964yahoo.denn@t-online.de while keeping a tail -f /var/log/maillog and see what happens. Better yet is to find out who is forwarding to a bogus outside email address from *your* server, and remove that.
You may also just add a discard entry for
0964yahoo.denn@t-online.de in /etc/mail/access and don't think too muh about it anymore. If somebody complains then you'll know who the offender is.