[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Email Trap ( Tripwire?) block spammers

Subject: Re: [cobalt-users] Email Trap ( Tripwire?) block spammers
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Wed Feb 20 17:57:05 2002
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Dan Kriwitsky wrote:

> > You mean he just added an MX record to his DNS with your IP#?
> >
> > How did you happen to notice it?
> >
> > Offlist is fine if you don't want to publicize details.
> >
> Since I had just moved to a new server I was watching via SSH tail -f
> /var/log/maillog and kept seeing the same thing over and over. (Similar
> to below) I added the IP to the deny list in the email control panel.

Unless his domains and/or IP#s were in your "Relay For" list, I can't
see how he could use your system for a backup.

> I
> contacted his ISP who said he had trouble with this customer before and
> somehow had put my IP in as a backup for sending mail.

The ISP had, or the customer had?  Nevertheless your box is set to not
relay, so it shouldn't have made a difference.

> He claimed that
> he was buying some kind of service so he was allowed.

Again, the customer?  Or the ISP?

> Maybe whoever used
> to own my IP had some kind of spam service, although I can't find my IP
> in any Usenet archive where I would expect it.

If either claimed he was buying a service and was allowed then it's
possible your IP# had been used by a backup email service.

> Finally, after seeing the
> entry below every 2 seconds, his ISP turned off his server. (He sounded
> quite upset.)
> Now all I see are my customer's logging in, mail coming in, (some spam
> being rejected as below), and it's a lot more quiet.

Okay, looking at your log snippet, you weren't actually doing the relay,
so your settings were fine.  I thought he was succeeding.  That's what I
was concerned about.

Jeff

> Feb 18 15:55:35 admin sendmail[21250]: g1ILtZN21250:
> from=<newsletter1@xxxxxxxxxxxxxxxxxxxxxx>, size=0, class=0, nrcpts=0,
> proto=ESMTP, daemon=MTA, relay=[64.219.175.153]
> Feb 18 15:57:38 admin sendmail[21369]: g1ILvcN21369:
> ruleset=check_mail,arg1=<newsletter1@xxxxxxxxxxxxxxxxxxxxxx>,
> relay=[64.219.175.153], reject=550 5.0.0
> <newsletter1@xxxxxxxxxxxxxxxxxxxxxx>...Mail rejected due to possible
> SPAM
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

References:
- RE: [cobalt-users] Email Trap ( Tripwire?) block spammers
  - From: Dan Kriwitsky

Prev by Date: RE: [cobalt-users] Email Trap ( Tripwire?) block spammers
Next by Date: [cobalt-users] Pop before SMTP ... can't be turned off?
Previous by thread: RE: [cobalt-users] Email Trap ( Tripwire?) block spammers
Next by thread: Re: [cobalt-users] Email Trap ( Tripwire?) block spammers

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index