
[cobalt-users] Annoying email "service" seems to be "servicing" my RaQ3



Is there ANY way to effectively keep this site from SYN'ing my sendmail server?? I've added his IP address to the /etc/mail/access list, the hosts.deny list, the GUI reject list, and STILL it seems like I've got a leech on me! Pop-before-smtp doesn't keep 'em from trying, either...

Not sure what they're up to, but they're ALWAYS freakin' there with an open connection, and I want them gone. (By the way, this box is on an IP address that was hacked a few weeks ago, and it keeps "disappearing" every once in a while (See "The case of the missing remote Raq" elsewhere on this list), and I don't trust anybody that touches it now...) Any idea what they're after? As far as I can tell, there are no open relays on this box...

In ps, they show up like this...

	root 21003 0.0 0.9 2388 1232 ? S 12:15 0:00 sendmail: OAA15019 a.mx.quickydeals.com.: user open

In netstat, like this...

	tcp        0      1 www.xxxxxx.com:xxxx mailer.hispeedoffe:smtp SYN_SENT


(Instead of quickydeals.com, they sometimes show up as yesdeals.net, wowdeals.net, hispeedoffers.com, etc. But still, it's always the same IP address, 64.32.63.34, which resolves to mailer.hispeedoffers.com.) Regardless, I'm sure they have nothing of interest to me or my clients, and enough is enough. They've been hanging on for weeks now. Killing their process doesn't seem to stop 'em.

Any help would be appreciated. Thanks!



