Security Basics mailing list archives

RE: How is it possible?


From: "Joe Osborn" <joe.osborn () codejock com>
Date: Thu, 12 May 2005 16:50:32 -0500

Your logs should show you the SMTP username he is authenticating with.  If
it doesn't, you are an open relay.

Joe Osborn
Codejock Software

-----Original Message-----
From: Monty Ree [mailto:chulmin2 () hotmail com] 
Sent: Thursday, May 12, 2005 5:31 AM
To: security-basics () securityfocus com
Subject: How is it possible?

Hello, all.

I operate an SMTP server and allow the SMTP function to my clients (over 
5,000) using one id/p auth (SMTP auth).

But some user (I don't know him) sends lots of spam mails through this SMTP 
server, so I filtered that IP address. Then after some minutes he sends 
spam mails again using another IP address which is not in the same network range.
For example, 

He sends spam like this:

1.1.1.1 --> I filtered, then 1-2 minutes later
2.2.2.2 --> I filtered, then 1-2 minutes later
3.3.3.3 --> I filtered, then 1-2 minutes later
4.4.4.4 --> I filtered, then 1-2 minutes later
5.5.5.5 ......

Surely, all the IPs are in one ISP's network, but the network range is not the same...

Is the spammer using a proxy server?

How is it possible? And how do I defend against this attack?
 

Thanks in advance.

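The log check suggested in the reply above, as an added example that is not part of either message: it groups client IPs by authenticated SMTP username and flags senders that relayed mail to a non-local domain without authenticating. The Postfix-style log format, the LOCAL_DOMAINS value and every sample line are assumptions constructed for illustration; the thread does not name the mail server.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this server is the final destination for

# Constructed sample lines in Postfix syslog style; not taken from the thread.
SAMPLE_LOG = """\
May 12 05:01:10 mx postfix/smtpd[2101]: 4F1A2C0: client=unknown[1.1.1.1], sasl_method=LOGIN, sasl_username=shared
May 12 05:01:11 mx postfix/smtp[2200]: 4F1A2C0: to=<a@example.net>, relay=mx.example.net[192.0.2.25]:25, status=sent (250 ok)
May 12 05:03:02 mx postfix/smtpd[2101]: 4F1A2C1: client=unknown[2.2.2.2], sasl_method=LOGIN, sasl_username=shared
May 12 05:03:03 mx postfix/smtp[2200]: 4F1A2C1: to=<b@example.net>, relay=mx.example.net[192.0.2.25]:25, status=sent (250 ok)
May 12 05:04:40 mx postfix/smtpd[2102]: 4F1A2C2: client=mail.example.com[198.51.100.7]
May 12 05:04:41 mx postfix/local[2300]: 4F1A2C2: to=<bob@example.org>, relay=local, status=sent (delivered to mailbox)
May 12 05:05:15 mx postfix/smtpd[2103]: 4F1A2C3: client=unknown[203.0.113.9]
May 12 05:05:16 mx postfix/smtp[2200]: 4F1A2C3: to=<c@example.net>, relay=mx.example.net[192.0.2.25]:25, status=sent (250 ok)
"""

# smtpd line: queue id, client IP, and the SASL username if the client authenticated.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([^\]]+)\](?:.*sasl_username=(\S+))?")
# delivery line: queue id and recipient domain.
RCPT_RE = re.compile(r": (\w+): to=<[^>]*@([^>]+)>")

def analyze(log_text, local_domains=LOCAL_DOMAINS):
    """Return ({username: set of client IPs}, sorted IPs that relayed without auth)."""
    sessions = {}                    # queue id -> (client ip, username or None)
    ips_by_user = defaultdict(set)
    unauth_relay = set()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            sessions[qid] = (ip, user)
            if user:
                ips_by_user[user].add(ip)
            continue
        m = RCPT_RE.search(line)
        if m and m.group(1) in sessions:
            ip, user = sessions[m.group(1)]
            # No username plus a non-local recipient means the mail was relayed unauthenticated.
            if user is None and m.group(2).lower() not in local_domains:
                unauth_relay.add(ip)
    return dict(ips_by_user), sorted(unauth_relay)

if __name__ == "__main__":
    users, relays = analyze(SAMPLE_LOG)
    for user, ips in users.items():
        print(f"{user}: authenticated from {len(ips)} IPs: {sorted(ips)}")
    print("relayed without authentication:", relays)
```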

