
RE: [cobalt-users] Need some help on "spam" report



> Hi Folks,
> 
> I got a report that our Qube had been used for Spam and as 
> far as I know it is locked down pretty tight so I don't know 
> what to make of this. I had one person on the Dshield list 
> say to check the maillogs and I tried that but they only go 
> back to 4/16 and this happened on 4/13. Then someone else 
> just noted that they are not aware of any way to spoof the 
> "NNTP-Posting-Host" that shows our IP address in this email 
> and "You'll have to look for outbound HTTP connections to 
> posting.google.com from your IP, not SMTP transactions."
> 
> So how do I do that?
> 
> And is there a way to keep logs from rolling off so fast?
> 
> Thanks and here is the original email notice I received:

Is 216.37.48.203 your IP?

Is that the only complaint? I'm not sure how easy it would be to fool
Google for the NNTP posting host. It's a Usenet posting, not email spam
relay.

If the tail -f of the maillog is too fast, you can always do:
tail -n 1000 /var/log/maillog to see the last 1000 lines.

-- 
C2003 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.