Konrad,
Are those all of the logs you have? I have often seen this when one of my local user accounts gets compromised and they use SASL authentication to relay email through. You may have to turn on additional logging to see that.

Sincerely,
Rusty Nejdl

On 2013-09-09 18:34, Konrad Olszewski [ETOP] wrote:

> Hi
>
> I got 2 ASSP enabled servers and... spammers without authentication,
> without even mail from local domain sending tons of spam through this
> no idea how :
>
> spam header example:
>
> Received: from User ([67.23.185.178] helo=User) by ASSP.nospam with SMTP (2.3.4); 9 Sep 2013 16:52:00 +0200
> From: "FedEx"<onlineservi...@fedex.com>
> Subject: You have one Pending Shipment
> Date: Mon, 9 Sep 2013 07:52:14 -0700
> MIME-Version: 1.0
> Content-Type: text/html; charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>
> ASSP log shows like this
>
> Sep-09-13 16:52:10 [Worker_2] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com recipient accepted: zipr...@concentric.net
> Sep-09-13 16:52:10 [Worker_2] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com [SMTP Reply] 250 ok
> Sep-09-13 16:52:11 [Worker_2] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com [SMTP Reply] 354 go ahead
> Sep-09-13 16:52:11 [Worker_2] [Local] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com local (no bad attachments) [You have one Pending Shipment] -> notspam/870.eml
> Sep-09-13 16:52:11 [Worker_2] [MessageOK] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com message ok [You have one Pending Shipment] -> notspam/870.eml
> Sep-09-13 16:52:11 [Worker_2] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com [SMTP Reply] 250 ok 1378738331 qp 12091
> Sep-09-13 16:52:11 [Worker_2] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com [SMTP Reply] 221 angel.etop.pl
> Sep-09-13 16:52:11 [Worker_2] 67.23.185.178 <onlineservi...@fedex.com> to: zha...@fountaincapital.com finished message - received DATA size: 8.37 kByte - sent DATA size: 14.04 kByte
>
> none of those domains are on our server - how are they doing it ?
>
> --
> Best regards,
> Konrad Olszewski
>
> Etop Sp. z o.o.
> Al. Jerozolimskie 200, 02-222 Warszawa
> phone 022-5780 100
> fax 022-5780 101
> http://www.etop.pl http://www.datahouse.pl
> Regon 016310320 NIP 522-25-50-755 KRS 0000029426
> District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register (KRS)
> Share capital 75000 PLN
> Alior Bank S.A., account no. 21 2490 0005 0000 4530 2063 5290
>
> In the message dated 9 September 2013 (02:22:14), it was written:
>
>> Hi,
>
>> We are on ASSP Version: 1.98(13023)
>
>> I have since diagnosed and fixed the problem, I believe it was
>> black.uribl.com which was rejecting our lookup due to our DNS server.
>
>> We use our ISP's DNS server and the black.uribl.com was always returning
>> 127.0.0.1 to any lookup, this caused ASSP to mark it as bad.
> From what I've read, *.uribl.com will return 127.0.0.1 when the DNS server
> has requested too many lookups.
> I have now changed to using a mirror for uribl.com (hh.uribl.com) and
> hopefully that does not block our DNS server as we do not have a private one.
> This is our list of service providers in ASSP now:
> multi.surbl.org=>>127.0.0.2=>1|multi.surbl.org=>127.0.0.4=>1|multi.surbl.org=>127.0.0.8=>1|multi.surbl.org=>127.0.0.16=>1|multi.surbl.org=>127.0.0.32=>1|multi.surbl.org=>127.0.0.64=>1|hh.uribl.com=>127.0.0.2=>1|hh.uribl.com=>127.0.0.4=>2
> Seems to be working fine now.
> Thanks,
> --
> View this message in context:
> http://anti-spam-smtp-proxy-server.996265.n3.nabble.com/URIBL-black-listing-9-10-domains-tp37350p37392.html
> Sent from the assp-test mailing list archive at Nabble.com.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
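One way to triage an ASSP log for the relay pattern Konrad describes, as an added example that is not part of the original thread or of ASSP itself: it flags messages handled as `[Local]` where the client IP is not a trusted network and neither sender nor recipient domain is local. `LOCAL_DOMAINS`, `TRUSTED_NETS` and the sample lines are constructed, and the reading of the `[Local]` tag as "treated as locally originated mail" is an assumption based on the quoted excerpt.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: the site's own domains and relay-trusted networks.
LOCAL_DOMAINS = {"corp.example"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Layout taken from the quoted excerpt: timestamp, worker, optional tag, IP, <sender>, to: rcpt
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) \[Worker_\d+\] (?:\[(?P<tag>\w+)\] )?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) <(?P<sender>[^>]*)> to: (?P<rcpt>\S+)"
)

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def find_relayed(lines):
    """Return {client_ip: [(timestamp, sender, recipient), ...]} for [Local]
    messages from untrusted clients with no local domain on either side."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["tag"] != "Local":
            continue
        ip = ipaddress.ip_address(m["ip"])
        if any(ip in net for net in TRUSTED_NETS):
            continue  # expected outbound mail from our own hosts
        if domain(m["sender"]) in LOCAL_DOMAINS or domain(m["rcpt"]) in LOCAL_DOMAINS:
            continue  # one side is ours; not the pure third-party relay case
        hits[m["ip"]].append((m["ts"], m["sender"], m["rcpt"]))
    return dict(hits)

# Constructed sample lines in the layout of the log excerpt quoted in the thread.
SAMPLE = [
    "Sep-09-13 16:52:11 [Worker_2] [Local] 203.0.113.50 <billing@courier.example> to: a@elsewhere.example local (no bad attachments) [Pending Shipment] -> notspam/1.eml",
    "Sep-09-13 16:53:02 [Worker_1] [Local] 192.0.2.10 <alice@corp.example> to: bob@partner.example local (no bad attachments) [Report] -> notspam/2.eml",
    "Sep-09-13 16:54:40 [Worker_3] [MessageOK] 198.51.100.7 <carol@partner.example> to: alice@corp.example message ok [Re: Report] -> notspam/3.eml",
    "Sep-09-13 16:55:00 [Worker_2] 203.0.113.50 <billing@courier.example> to: a@elsewhere.example [SMTP Reply] 250 ok",
]

if __name__ == "__main__":
    for ip, msgs in find_relayed(SAMPLE).items():
        print(ip, len(msgs), "relayed message(s):", msgs)
```

A spoofed local sender address from an untrusted IP is deliberately not flagged here, so an authenticated-relay case like the one Rusty mentions still needs the additional logging he suggests.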
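The URIBL failure quoted in the thread (every lookup answered with 127.0.0.1, which was then counted as a listing) can be caught by classifying that answer as a refusal and by probing the zone with a name that cannot be listed. This is an added example, not ASSP's own logic: the lookup function is an offline stand-in for DNS, the canary name is hypothetical, answers are matched exactly against the configured values, and the weight is carried through as written without modelling how ASSP scores it.

```python
import ipaddress

REFUSED = ipaddress.ip_address("127.0.0.1")  # answer the poster got for every lookup

def parse_providers(spec):
    """Parse 'zone=>answer=>weight|...' into {zone: {answer: weight}}."""
    providers = {}
    for entry in filter(None, (e.strip() for e in spec.split("|"))):
        zone, answer, weight = (part.strip() for part in entry.split("=>"))
        providers.setdefault(zone.lower(), {})[ipaddress.ip_address(answer)] = int(weight)
    return providers

def classify(zone, answers, providers):
    """Classify one lookup: 'refused', 'listed' (with weight) or 'unlisted'."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if REFUSED in addrs:
        return ("refused", 0)  # never count a refusal as a listing
    known = providers.get(zone.lower(), {})
    weights = [known[a] for a in addrs if a in known]
    return ("listed", max(weights)) if weights else ("unlisted", 0)

def resolver_blocked(zone, lookup, canary="canary-never-listed.invalid"):
    """True if the zone answers 127.0.0.1 for a name that cannot be listed."""
    return classify(zone, lookup(f"{canary}.{zone}"), {})[0] == "refused"

# Entries taken from the provider list quoted in the thread.
PROVIDERS = parse_providers("hh.uribl.com=>127.0.0.2=>1|hh.uribl.com=>127.0.0.4=>2")

def fake_lookup(table):
    """Offline stand-in for a DNS A lookup: returns [] when nothing is listed."""
    return lambda name: table.get(name, [])

# Constructed answers: a resolver over its query limit sees 127.0.0.1 for everything.
blocked = lambda name: ["127.0.0.1"]
healthy = fake_lookup({"spam.example.hh.uribl.com": ["127.0.0.2"]})

if __name__ == "__main__":
    print("black.uribl.com blocked:", resolver_blocked("black.uribl.com", blocked))
    print("hh.uribl.com blocked:", resolver_blocked("hh.uribl.com", healthy))
    print(classify("hh.uribl.com", healthy("spam.example.hh.uribl.com"), PROVIDERS))
```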