[brlug-general] is google really spamming?

Thu, 28 Feb 2008 09:47:39 -0800 

Nice! A box was under an apparent DNS attack. Here is a tiny sample of what was 
found.

Feb 27 15:05:39 interceptor3 postfix-rx/smtpd[5192]: timeout after 
END-OF-MESSAGE from py-out-1112.google.com[64.233.166.179]
Feb 27 15:05:39 interceptor3 postfix-rx/smtpd[5192]: disconnect from 
py-out-1112.google.com[64.233.166.179]
Feb 27 15:07:36 interceptor3 postfix-rx/smtpd[6839]: connect from 
py-out-1112.google.com[64.233.166.179]
Feb 27 15:07:39 interceptor3 postfix-rx/smtpd[6839]: NOQUEUE: discard: RCPT 
from py-out-1112.google.com[64.233.166.179]: <[EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>>: Receipient Address rxx-002-d17; from=<> to=<[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> proto=ESMTP helo=<py-out-1112.google.com>
Feb 27 15:07:39 interceptor3 postfix-rx/smtpd[6839]: E948CE4746: 
client=py-out-1112.google.com[64.233.166.179]
Feb 27 15:07:52 interceptor3 postfix-rx/smtpd[6839]: timeout after 
END-OF-MESSAGE from py-out-1112.google.com[64.233.166.179]
Feb 27 15:07:52 interceptor3 postfix-rx/smtpd[6839]: disconnect from 
py-out-1112.google.com[64.233.166.179]
Feb 27 15:35:46 interceptor3 postfix-rx/smtpd[6889]: connect from 
py-out-1112.google.com[64.233.166.179]
Feb 27 15:35:46 interceptor3 postfix-rx/smtpd[6889]: NOQUEUE: discard: RCPT 
from py-out-1112.google.com[64.233.166.179]: <[EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>>: Receipient Address rlx-102-d22; from=<> to=<[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> proto=ESMTP helo=<py-out-1112.google.com> Feb 27 
15:35:46 interceptor3 postfix-rx/smtpd[6889]: 9EC4DE46C2: 
client=py-out-1112.google.com[64.233.166.179]
Feb 27 15:35:56 interceptor3 postfix-rx/smtpd[6889]: NOQUEUE: discard: RCPT 
from py-out-1112.google.com[64.233.166.179]: <[EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>>: Receipient Address rzx-801-d1h; from=<> to=<[EMAIL PROTECTED]

There are about 2K rejections an hour from google alone. Already looked into 
DNS posioning. Mailer daemons due to domain spoofing hopefully is the reason. 
Does anyone know anything about this?

Alvaro Zuniga

_______________________________________________
General mailing list
[email protected]
http://mail.brlug.net/mailman/listinfo/general_brlug.net

Reply via email to