[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] spam relaying

Subject: [cobalt-users] spam relaying
From: "Manny Tau" <mtau@xxxxxxx>
Date: Sat Apr 12 01:00:02 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Ugh, after been working on this throughout the day, my 550 is still been
used as a spam relay.

I've checked with http://www.abuse.net/relay.html and it says "All tests
performed, no relays accepted."

My 550 settings for now:
Pop Authenticated Relaying turned on.
IP Address Allocation turned on with the beginning and end range with my
single IP address.
I made sure that my /etc/mail/access only has my full IP set for relay, and
not just the first 3 quad numbers.
The 550 is fully patched, including a recent Sun sendmail patch, and after
the Sun patch, installed RaqTweak's newest sendmail patch to address CERT
CA-2003-12, which the latest Sun sendmail patch doesn't address.

But I'm still getting spam relaying activity.

Any suggestions and how to plug this up?

Here's the latest 5 entries from my log...it has different sources in the
'relay=' as opposed to a single culprit, like I had earlier today but
plugged up that hole.

Apr 12 00:40:41 www sendmail[12685]: h3AISwH10973:
to=<bdautreuil@xxxxxxxxxxxxxxxxxxxxx>, delay=1+13:11:42, xdelay=00:03:09,
mailer=esmtp, pri=9001246, relay=home.worldnet.att.net. [204.127.135.37],
dsn=4.0.0, stat=Deferred: Connection timed out with home.worldnet.att.net.

Apr 12 00:40:43 www sendmail[12685]: h3AJwiH16784: to=<whipit@xxxxxxxxxxxx>,
delay=1+11:41:59, xdelay=00:00:02, mailer=esmtp, pri=9001271,
relay=multipro.com.mail1.psmtp.com. [12.158.34.245], dsn=4.2.0,
stat=Deferred: 450 <whipit@xxxxxxxxxxxx>: User unknown in local recipient
table

Apr 12 00:40:43 www sendmail[12685]: h3ALJIH21821: to=<gravediger67@xxxxxx>,
delay=1+10:21:25, xdelay=00:00:00, mailer=esmtp, pri=9030953,
relay=webmailmta.go.com. [199.181.134.14], dsn=4.2.1, stat=Deferred: 452
4.2.1 Mailbox for gravediger67 is not available. Please advise the recipient
of this email gravediger67 to contact Customer Support at mail@xxxxxxxxxxx
for assistance

Apr 12 00:40:43 www sendmail[12685]: h3AMRMH26096:
to=<oriolphin@xxxxxxxxxxx>, delay=1+09:13:21, xdelay=00:00:00, mailer=esmtp,
pri=9030972, relay=gateway.net., dsn=4.0.0, stat=Deferred: Connection timed
out with gateway.net.

Apr 12 00:40:43 www sendmail[12685]: h3AIx1H12885: to=<ibn@xxxxxxxxxxx>,
delay=1+12:41:41, xdelay=00:00:00, mailer=esmtp, pri=9060945,
relay=gateway.net., dsn=4.0.0, stat=Deferred: Connection timed out with
gateway.net.

Thnx for any help!
Manny

Follow-Ups:
- RE: [cobalt-users] spam relaying
  - From: Manny Tau

Prev by Date: [cobalt-users] I've Been Hacked
Next by Date: [cobalt-users] Renumbering cobalt raq 550
Previous by thread: [cobalt-users] RAQ550 cron job not running error reported
Next by thread: RE: [cobalt-users] spam relaying

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index