I'll paste below the contents of the files John sent.  To me, it
appears to be a Viagra ad coming from a host in Spain, with a link to
a website in Russia.  What we're trying to determine is whether (1)
Tux has been compromised by crackers and is being exploited as a spam
relay, (2) we are receiving this message in error because Tux' mail
server has been configured to relay Board messages, and the error was
intended for the spammer, or (3) something went awry with Google's
Gmail servers.  Note, 204.225.221.10 is Tux' IP.

Thanks,
Lisa

-----------------------------------------------------------------------

Reporting-MTA: dns; tux.oclug.on.ca
X-Postfix-Queue-ID: 612BE102889
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Fri, 30 Jul 2010 00:31:20 -0400 (EDT)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP
    address. To protect our 550-5.7.1 users from spam, mail sent from your IP
    address has been blocked. 550-5.7.1 Please visit
    http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
    Email Senders Guidelines. a3si4446114bky.80

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP
    address. To protect our 550-5.7.1 users from spam, mail sent from your IP
    address has been blocked. 550-5.7.1 Please visit
    http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
    Email Senders Guidelines. a3si4446114bky.80

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [204.225.221.10 7] Our system has detected an
    unusual rate of 550-5.7.1 unsolicited mail originating from your IP
    address. To protect our 550-5.7.1 users from spam, mail sent from your IP
    address has been blocked. 550-5.7.1 Please visit
    http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk
    Email Senders Guidelines. a3si4446114bky.80


-----------------------------------------------------------------------


Received: by tux.oclug.on.ca (Postfix)
        id 612BE102889; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
Delivered-To: [email protected]
Received: by tux.oclug.on.ca (Postfix, from userid 2006)
        id 4F30510288A; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.1.7-deb3 (2006-10-05) on tux
X-Greylist: delayed 301 seconds by postgrey-1.27 at tux; Fri, 30 Jul
        2010 00:31:15 EDT
Received: from 123.pool85-57-137.dynamic.orange.es
        (123.pool85-57-137.dynamic.orange.es [85.57.137.123])
        by tux.oclug.on.ca (Postfix) with ESMTP id BCD3C102889
        for <[email protected]>; Fri, 30 Jul 2010 00:31:15 -0400 (EDT)
From: 094 VIAGRA о Official Site <[email protected]>
To: [email protected]
Subject: [email protected] VIAGRA о Official Site 75% 0FF
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <[email protected]>
Date: Fri, 30 Jul 2010 00:31:15 -0400 (EDT)

<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-Type" content="application/xhtml+xml;
charset=UTF-8"/>
      </head>
   <body>
   <table border="0" cellpadding="0" cellspacing="0" style="width: 896px">
<tr><td align="center" style="font: normal 11px Verdana, sans-serif;
color: #333;"><a href="http://sfj.chickregion.ru?jxww"
style="text-decoration: none; color: #0099ff;">Please Click
here!</td></tr>
<tr><td align="center">
<br/>
<a href="http://xom.chickregion.ru?yujs"><img alt="For board-members!"
src="http://ala.chickregion.ru/t.gif" style="border-width:
0px"/></a></td></tr>
</table>
</body>
</html>

-----------------------------------------------------


On 30 July 2010 17:38, Dave O'Neill <[email protected]> wrote:
> On Fri, Jul 30, 2010 at 05:20:18PM -0400, Prof. John C Nash wrote:
>>
>> After some board discussion, we've decided to ask OCLUG mail gurus what is
>> possibly going on. Seems TUX may be relaying some spam. Hopefully not
>> compromised.
>
> The first thing to do is to have someone take a look at the mail logs on
> Tux.   It's entirely possible that there's no spamming going on -- Google
> has been known to block legitimate low-volume mailing lists if a recipient
> accidentally marks a message as spam once too many times.
>
> Cheers,
> Dave
>
_______________________________________________
Linux mailing list
[email protected]
http://oclug.on.ca/mailman/listinfo/linux
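
Added example (not part of the original thread, and not OCLUG's own tooling): a triage helper that ties the bounce's queue ID to the Received chain of the returned message and checks whether the message entered the server addressed to a local domain. Host names and queue IDs are the ones in the bounce above; the redacted addresses are replaced with example.* placeholders, and LOCAL_DOMAINS and triage() are hypothetical names.

```python
import re
from email import message_from_string

# Constructed sample: hosts and queue IDs are taken from the bounce above;
# the redacted addresses are replaced with example.* placeholders.
DSN = """\
Reporting-MTA: dns; tux.oclug.on.ca
X-Postfix-Queue-ID: 612BE102889

Final-Recipient: rfc822; member1@example.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
"""
RETURNED = """\
Received: by tux.oclug.on.ca (Postfix)
\tid 612BE102889; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
Received: by tux.oclug.on.ca (Postfix, from userid 2006)
\tid 4F30510288A; Fri, 30 Jul 2010 00:31:20 -0400 (EDT)
Received: from 123.pool85-57-137.dynamic.orange.es
\t(123.pool85-57-137.dynamic.orange.es [85.57.137.123])
\tby tux.oclug.on.ca (Postfix) with ESMTP id BCD3C102889
\tfor <board@example.org>; Fri, 30 Jul 2010 00:31:15 -0400 (EDT)
Subject: constructed

body
"""
LOCAL_DOMAINS = {"example.org"}  # assumption: domains this server accepts mail for

def triage(dsn_text, returned_text, local_domains=LOCAL_DOMAINS):
    """Correlate a DSN with the Received chain of the message it returned."""
    per_msg, _, per_rcpt = dsn_text.partition("\n\n")
    queue_id = message_from_string(per_msg)["X-Postfix-Queue-ID"]
    statuses = [message_from_string(b)["Status"]
                for b in per_rcpt.split("\n\n") if b.strip()]
    hops = [" ".join(h.split()) for h in
            message_from_string(returned_text).get_all("Received", [])]
    entry = hops[-1]                      # oldest hop: how the message arrived
    ip = re.search(r"\[(\d+\.\d+\.\d+\.\d+)\]", entry)
    rcpt = re.search(r"for <[^@>]+@([^>]+)>", entry)
    inbound_to_local = bool(rcpt) and rcpt.group(1).lower() in local_domains
    return {
        "queue_id": queue_id,
        "statuses": statuses,
        "bounced_copy_is_this_message": f"id {queue_id};" in hops[0],
        "entry_ip": ip.group(1) if ip else None,    # None = locally submitted
        "verdict": "forwarded inbound mail" if inbound_to_local
                   else "relayed for a non-local recipient: check relay rules",
    }
```

A "forwarded inbound mail" verdict means the server accepted the message for one of its own addresses and re-sent it, so the receiving provider attributes the spam to the forwarder's IP; the mail logs are still needed to confirm volume and rule out other sources.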
