*BSD News Article 73575



Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!news.kei.com!newsfeed.internetmci.com!uuneo.neosoft.com!news.sesqui.net!uhura.phoenix.net!pflores
From: pflores@alpha1.phoenix.net (Paul Flores)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Mail......What does this mean??
Date: 13 Jul 1996 13:35:18 GMT
Organization: Phoenix Data Net (713) 486-8337 http://www.phoenix.net
Lines: 23
Message-ID: <4s88mm$2oe@uhura.phoenix.net>
References: <31e6811d.21963902@news.hq.af.mil>
NNTP-Posting-Host: alpha1.phoenix.net
X-Newsreader: TIN [version 1.2 PL2]

Scott Gregory (sgregory@pubspo.hq.af.mil) wrote:
: Three lines like this (names have been changed to protect the guilty
: :-) ) appeared in my /var/log/maillog.

: Jul 12 10:38:43 my.sys.name sendmail[17654]:  foo.bar
: [123.123.123.123]: vrfy lhammer

: Each entry had a different last word (I assume this is a username?).

: What does this mean??  I know date, time, sys name, log entry,
: offending system, translated address, but what are they doing with
: "vrfy lhammer"


Looks to me like someone is checking usernames via sendmail, maybe you have
finger turned off?  I would wonder if you got a whole bunch of these all at
once.. someone is taking a close look at your users.

--
"I've Always been easy, just never cheap!"
      ------

ME!
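
Added example, not part of the original post or of sendmail: a small Python check for the "whole bunch of these all at once" case, which groups vrfy entries in the maillog format quoted above by source address and flags any peer that probes several distinct names within a short window. The function names, the threshold of 3 names, the 5-minute window and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the maillog shape quoted in the post:
# "<Mon> <day> <time> <host> sendmail[<pid>]: <peer> [<ip>]: vrfy <name>"
VRFY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sendmail\[\d+\]:\s+"
    r"(?P<peer>\S+)\s+\[(?P<ip>[^\]]+)\]:\s+vrfy\s+(?P<name>\S+)",
    re.IGNORECASE,
)

def parse(lines, year=1996):
    """Yield (timestamp, ip, name) for each vrfy log line."""
    for line in lines:
        m = VRFY_RE.match(line)
        if m:
            # syslog timestamps carry no year; the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["name"]

def find_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: sorted names probed} for each peer that tried at least
    `threshold` distinct names inside one sliding window (assumed limits)."""
    by_ip = defaultdict(list)
    for ts, ip, name in parse(lines):
        by_ip[ip].append((ts, name))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            if len({n for _, n in events[start:end + 1]}) >= threshold:
                flagged[ip] = sorted({n for _, n in events})
                break
    return flagged

# Constructed sample lines (addresses from documentation ranges, not real logs)
SAMPLE = [
    "Jul 12 10:38:43 my.sys.name sendmail[17654]:  foo.example [192.0.2.10]: vrfy lhammer",
    "Jul 12 10:38:44 my.sys.name sendmail[17654]:  foo.example [192.0.2.10]: vrfy root",
    "Jul 12 10:38:46 my.sys.name sendmail[17654]:  foo.example [192.0.2.10]: vrfy admin",
    "Jul 12 10:39:02 my.sys.name sendmail[17660]: KAA17660: to=<bob>, stat=Sent",
    "Jul 12 14:02:11 my.sys.name sendmail[17700]:  bar.example [198.51.100.7]: vrfy postmaster",
]
```

Running find_bursts(SAMPLE) flags only 192.0.2.10; the single lookup from 198.51.100.7 and the ordinary delivery line are ignored.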