On Thu, 27 Feb 2003, Christopher Wagner wrote:

> Good day all..
>
> I'm encountering some rather annoying problems with my mail server.
>
> It appears as though someone is trying rather desperately to relay through
> my mail server, and using multiple boxes from all over the place to do it.
> They are all directed at pacbell.net and they're all from the commonly faked
> mail from:'s (ie: hotmail, mindspring, earthlink)
>
> Logs:
>
> Feb 25 07:12:02 goober postfix/smtpd[31398]: reject: RCPT from
> unknown[62.117.66.182]: 554 <idapaulat_private>: Recipient address
> rejected: Relay access denied; from=<t1p2dj10xat_private>
> to=<idapaulat_private>
> --
> Feb 25 07:10:37 goober postfix/smtpd[31398]: reject: RCPT from
> kamosbs.kamocci.or.jp[157.120.128.130]: 554 <gortonsat_private>: Recipient
> address rejected: Relay access denied; from=<r275rmd0bat_private>
> to=<gortonsat_private>

These first two are open proxies. It seems a little odd that someone would
abuse an open proxy and then look for open relays through it rather than do
direct-to-MX spam from it. I wonder if that's intentional, accidental, or
just a coincidence that they're open proxies.

http://njabl.org/cgi-bin/lookup.cgi?query=157.120.128.130
http://njabl.org/cgi-bin/lookup.cgi?query=62.117.66.182

It can't hurt to look up the NIC contacts for them and send a complaint.

----------------------------------------------------------------------
 Jon Lewis *jlewisat_private*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
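An added example, not part of the original message: a small Python triage script that pulls the "Relay access denied" rejects out of a Postfix log, counts attempts per client IP, and builds the name to query against a DNS blocklist for each client. The zone `dnsbl.example.org` is a placeholder, the function names are illustrative, and the last two sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# First two lines: from the post (mail wrapping undone). Last two: constructed.
SAMPLE_LOG = """\
Feb 25 07:12:02 goober postfix/smtpd[31398]: reject: RCPT from unknown[62.117.66.182]: 554 <idapaulat_private>: Recipient address rejected: Relay access denied; from=<t1p2dj10xat_private> to=<idapaulat_private>
Feb 25 07:10:37 goober postfix/smtpd[31398]: reject: RCPT from kamosbs.kamocci.or.jp[157.120.128.130]: 554 <gortonsat_private>: Recipient address rejected: Relay access denied; from=<r275rmd0bat_private> to=<gortonsat_private>
Feb 25 07:13:40 goober postfix/smtpd[31398]: reject: RCPT from unknown[62.117.66.182]: 554 <rcpt@example.net>: Recipient address rejected: Relay access denied; from=<sender@example.com> to=<rcpt@example.net>
Feb 25 07:13:41 goober postfix/smtpd[31398]: disconnect from unknown[62.117.66.182]
"""

REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: reject: RCPT from (?P<host>[^\s\[]+)\[(?P<ip>[0-9.]+)\]: "
    r"554 .*Relay access denied; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def relay_attempts(log_text):
    """Return one dict (host, ip, sender, rcpt) per 'Relay access denied' reject."""
    return [m.groupdict() for m in map(REJECT.search, log_text.splitlines()) if m]


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a malformed IP
    return ".".join(reversed(octets)) + "." + zone


def summarize(log_text, zone="dnsbl.example.org"):  # zone is a placeholder
    """Rows of (ip, last seen hostname, attempts, DNSBL name), busiest client first."""
    attempts = relay_attempts(log_text)
    counts = Counter(a["ip"] for a in attempts)
    hosts = {a["ip"]: a["host"] for a in attempts}
    return [(ip, hosts[ip], n, dnsbl_name(ip, zone)) for ip, n in counts.most_common()]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("%-16s %-24s attempts=%d  lookup=%s" % row)
```

Resolving each generated name against a real blocklist zone is left to the operator: by DNSBL convention an A record answer means the address is listed and NXDOMAIN means it is not.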
This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 10:01:17 PST