Security Incidents mailing list archives
Re: Mail Issue
From: Charles_Ebinger () Lenox com
Date: Mon, 30 Jul 2001 14:44:50 -0400
Is it possible someone is trying to use your SMTP gateway as a relay server for SPAM??? Charlie From: Stephen Malenshek <stephen () valuelinx net> on 07/29/2001 10:55 PM To: incidents () securityfocus com cc: (bcc: Charles Ebinger/Lenox) Subject: Mail Issue I sent this same information along with the detailed logs to Road Runner, but I have yet to hear anything back. In the last 24 hours, my mail server has denyied over 52,000 messages from this address. I have added deny lists to the firewall, but it does not match the addresses listed here. Does anyone have any ideas of what is happening here? Thanks in advance for any assistance given. Jul 29 21:39:57 pop3 sendmail[31890]: f6U2duU31890: from=<ellievowell () hotmail com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=dt181nd1.tampabay.rr.com [24.92.209.209] Jul 29 21:39:59 pop3 sendmail[31900]: f6U2dwU31900: ruleset=check_rcpt, arg1=<rstelz () concentric net>, relay=dt181nd1.tampabay.rr.com [24.92.209.209], reject=550 5.7.1 <rstelz () concentric net>... Relaying denied Jul 29 21:39:59 pop3 sendmail[31900]: f6U2dwU31900: lost input channel from dt181nd1.tampabay.rr.com [24.92.209.209] to MTA after rcpt ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Mail Issue Stephen Malenshek (Jul 30)
- Re: Mail Issue Harri Nyman (Jul 30)
- Re: Mail Issue Gary Maltzen (Jul 31)
- <Possible follow-ups>
- Re: Mail Issue Charles_Ebinger (Jul 30)