Security Incidents mailing list archives
Re: FW: Postmaster notify: User unknown
From: Mike Lewinski <mike () ROCKYNET COM>
Date: Tue, 19 Dec 2000 10:25:19 -0700
This mail appeared in my Inbox last Friday morning. I present this
unto
you all for your evaluation and recommendation. I believe an
intruder
has accessed my email server for their own purposes. Am I correct?Looks like some bottom-feeding spammer tried to use your mail system as a third-party relay. Worse, it looks like the attempt was successful. You're probably going to get some pretty rabid hate mail
from
the victims of the spam run soon, if not inclusion in the ORBS
database. Equally possible, the bottom-feeder is forging his return address and relaying elsewhere. I didn't see anything in the original post that necessarily indicated it was an open relay problem on the poster's end. However, a manual check shows that it is indeed open and the likely explanation... 220 nsw.gbmlogic.com.au ESMTP Techlink IAS Sendmail; Wed, 20 Dec 2000 04:20:03 +1100 MAIL FROM: <> 250 <>... Sender ok RCPT TO: <> 250 <me () mydomain com>... Recipient ok Properly configured, the last line would be: 550 <me () mydomain com>... Relaying denied Instructions for fixing this problem can be found here: http://www.mail-abuse.org/tsi/ Mike
Current thread:
- FW: Postmaster notify: User unknown Paul Snedden (Dec 18)
- Re: FW: Postmaster notify: User unknown Jay D. Dyson (Dec 19)
- Re: FW: Postmaster notify: User unknown Mike Lewinski (Dec 19)
- Re: FW: Postmaster notify: User unknown Mark Durham (Dec 19)
- Re: FW: Postmaster notify: User unknown Nexus (Dec 19)
- Re: FW: Postmaster notify: User unknown Jim Roland (Dec 19)
- Re: FW: Postmaster notify: User unknown RC (Dec 19)
- Re: FW: Postmaster notify: User unknown Jim Roland (Dec 19)
- <Possible follow-ups>
- Re: Postmaster notify: User unknown Mark Collins (Dec 19)
- Re: Postmaster notify: User unknown Jay D. Dyson (Dec 19)
- Re: FW: Postmaster notify: User unknown Jay D. Dyson (Dec 19)