Correos y spam

Thu, 23 Oct 2008 10:31:58 -0700

Salian correos con un usuario en particular, si me fijo en el encabezado dice que usa como useragent a squirrelmail user credondo. Mi pregunta es: si no hay open relay, y en main.cf mydestination esta de esta forma: mydestination = $mydomain, myhostname , localhost .. la opcion mynetworks = 192.168.0.0 ,127.0.0.1 como se entiende que salgan correos con dominio que no sean el propio? Aqui les dejo parte del log de postfix y el mail de la lista negra que me mando avisandome en ese orden. La manera en que lo solucioné de momento es cambiando la contraseñan de correo, asi no puede enviar correo ni con el webmail, ni autorizando con sasl, ya que me olvide de decirles que el usuario está fuera de mi lan , asi que le habia habilitado una cuenta con sasl2 
Desde ya muchas gracias




Mail de lista negra.
his is an automated email abuse report from the folks at junkemailfilter.com for an email message received from IP address [201.251.7.126] on Wed, 22 Oct 2008 17:12:05 -0700. 
The nature of this spam indicates possible fraud. Pay close attention to both the from address 
]"THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>] and the reply-to address 
[].

We hope this information will help you in determining the source of the problem 
and shut it down. The original message is attached in MIME format with complete 
headers. For more information about this standardized abuse report format [ARF] 
please visit http://www.mipassoc.org/arf/ If you would prefer abuse reports in 
text format let us know.

If you have any questions or feedback about this abuse report or are interested 
in learning about our spam filtering technology feel free to contact us. If 
this is not spam please accept our apologies and let us know so we can fix the 
problem. Pay close attention to the REASON listed.
Marc Perkel - Fearless Leader
Junk Email Filter dot com
http://www.junkemailfilter.com

* Date:    Wed, 22 Oct 2008 17:12:05 -0700
* From:    "THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
* Subject: Dear Lottery Winner,
* Host:    mail.royalmercosur.com [201.251.7.126]
* Reason:  419scam Freemail - Reply-to does not match From - [EMAIL PROTECTED] F="THE 
CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com 
[201.251.7.126] HELO=[mail.royalmercosur.com] [EMAIL PROTECTED] T=[acordov

For more information about these abuse reports: 
http://wiki.junkemailfilter.com/index.php/Spam_abuse
To test or be removed from our blacklist: 
http://ipadmin.junkemailfilter.com/remove.php?ip=201.251.7.126

======== Original Headers ========

Delivery-date: Wed, 22 Oct 2008 17:12:05 -0700
Received: from mail.royalmercosur.com ([201.251.7.126])
        by pascal.junkemailfilter.com with esmtp (Exim 4.68)
        id 1Ksno4-0007zw-JQ on interface=65.49.42.60
        for [EMAIL PROTECTED]; Wed, 22 Oct 2008 17:12:05 -0700
Received: from localhost (localhost [127.0.0.1])
        by mail.royalmercosur.com (Postfix) with ESMTP id 09E9A8C304;
        Wed, 22 Oct 2008 15:44:25 -0300 (ART)
X-Virus-Scanned: amavisd-new at royalmercosur.com
Received: from mail.royalmercosur.com ([127.0.0.1])
        by localhost (mail.royalmercosur.com [127.0.0.1]) (amavisd-new, port 
10024)
        with ESMTP id 7+tKuGv-tLND; Wed, 22 Oct 2008 15:44:24 -0300 (ART)
Received: from mail.royalmercosur.com (localhost [127.0.0.1])
        by mail.royalmercosur.com (Postfix) with ESMTP id 123A58C2F6;
        Wed, 22 Oct 2008 15:44:23 -0300 (ART)
Received: from 81.199.88.72
       (SquirrelMail authenticated user credondo)
       by mail.royalmercosur.com with HTTP;
       Wed, 22 Oct 2008 15:44:23 -0300 (ART)
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 22 Oct 2008 15:44:23 -0300 (ART)
Subject: Dear Lottery Winner,
From: "THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;
Content-Transfer-Encoding: quoted-printable
X-Sender-Domain: royalmercosur.com
X-Freemail-From: casino.com
X-Freemail-Reply-to: hotmail.com
X-Spamfilter-host: pascal.junkemailfilter.com - http://www.junkemailfilter.com
X-Mail-from: [EMAIL PROTECTED]
X-From-name-part: the casino-web lottery award X-Spam-Class: SPAM-HIGH-VERY - 419scam Freemail - Reply-to does not match From - [EMAIL PROTECTED] F="THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com [201.251.7.126] HELO=[mail.royalmercosur.com] [EMAIL PROTECTED] [EMAIL PROTECTED] S=[Dear Lottery Winner,] FN=[the casino-web lottery award ] 
X-Spamsave: Yes - 419scam Freemail - Reply-to does not match From - [EMAIL PROTECTED] 
F="THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]> - X=pascal 
H=mail.royalmercosur.com [201.251.7.126] HELO=[mail.royalmercosur.com] [EMAIL PROTECTED] [EMAIL 
PROTECTED] S=[Dear Lottery Winner,] FN=[the casino-web lottery award ]
X-Sender-Host-Address: 201.251.7.126
X-Sender-Host-Name: mail.royalmercosur.com
X-Original-helo: mail.royalmercosur.com

------------------------------------------------------------------------

Feedback-Type: abuse
User-Agent: JunkEmailFilter - Abuse Reporter/1.0 - Testing - Feedback 
Appreciated
Version: 0.1
Original-Mail-From: "THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
Original-Rcpt-To: undisclosed-recipients:;
Received-Date: Wed, 22 Oct 2008 17:12:05 -0700
Source-IP: 201.251.7.126


------------------------------------------------------------------------

Asunto:
Dear Lottery Winner,
De:
"THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]>
Fecha:
Wed, 22 Oct 2008 15:44:23 -0300 (ART)

Para:
undisclosed-recipients:;

Delivery-date:
Wed, 22 Oct 2008 17:12:05 -0700
Received:
from mail.royalmercosur.com ([201.251.7.126]) by pascal.junkemailfilter.com with esmtp (Exim 4.68) id 1Ksno4-0007zw-JQ on interface=65.49.42.60 for [EMAIL PROTECTED]; Wed, 22 Oct 2008 17:12:05 -0700 
Received:
from localhost (localhost [127.0.0.1]) by mail.royalmercosur.com (Postfix) with ESMTP id 09E9A8C304; Wed, 22 Oct 2008 15:44:25 -0300 (ART) 
X-Virus-Scanned:
amavisd-new at royalmercosur.com
Received:
from mail.royalmercosur.com ([127.0.0.1]) by localhost (mail.royalmercosur.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7+tKuGv-tLND; Wed, 22 Oct 2008 15:44:24 -0300 (ART) 
Received:
from mail.royalmercosur.com (localhost [127.0.0.1]) by mail.royalmercosur.com (Postfix) with ESMTP id 123A58C2F6; Wed, 22 Oct 2008 15:44:23 -0300 (ART) 
Received:
from 81.199.88.72 (SquirrelMail authenticated user credondo) by mail.royalmercosur.com with HTTP; Wed, 22 Oct 2008 15:44:23 -0300 (ART) 
Message-ID:
<[EMAIL PROTECTED]>
Responder a:
[EMAIL PROTECTED]
Agente de usuario::
SquirrelMail/1.4.9a
MIME-Version:
1.0
Content-Type:
text/plain;charset=iso-8859-1
X-Priority:
3 (Normal)
Importance:
Normal
Content-Transfer-Encoding:
quoted-printable
X-Sender-Domain:
royalmercosur.com
X-Freemail-From:
casino.com
X-Freemail-Reply-to:
hotmail.com
X-Spamfilter-host:
pascal.junkemailfilter.com - http://www.junkemailfilter.com
X-Mail-from:
[EMAIL PROTECTED]
X-From-name-part:
the casino-web lottery award
X-Spam-Class:
SPAM-HIGH-VERY - 419scam Freemail - Reply-to does not match From - [EMAIL PROTECTED] F="THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com [201.251.7.126] HELO=[mail.royalmercosur.com] [EMAIL PROTECTED] [EMAIL PROTECTED] S=[Dear Lottery Winner,] FN=[the casino-web lottery award ] 
X-Spamsave:
Yes - 419scam Freemail - Reply-to does not match From - [EMAIL PROTECTED] F="THE CASINO-WEB LOTTERY AWARD" <[EMAIL PROTECTED]> - X=pascal H=mail.royalmercosur.com [201.251.7.126] HELO=[mail.royalmercosur.com] [EMAIL PROTECTED] [EMAIL PROTECTED] S=[Dear Lottery Winner,] FN=[the casino-web lottery award ] 
X-Sender-Host-Address:
201.251.7.126
X-Sender-Host-Name:
mail.royalmercosur.com
X-Original-helo:
mail.royalmercosur.com


from=<[EMAIL PROTECTED]>, size=2711, nrcpt=50 (queue active)
Oct 23 09:02:36 localhost postfix/qmgr[13699]: 324259209E: from=<[EMAIL PROTECTED]>, size=2711, nrcpt=50 (queue active) Oct 23 09:02:36 localhost postfix/smtp[13709]: connect to cluster2.eu.messagelabs.com[195.245.231.83]: Connection refused (port 25) Oct 23 09:02:36 localhost postfix/qmgr[13699]: 11FC62C6FD: from=<>, size=8265, nrcpt=1 (queue active) Oct 23 09:02:36 localhost postfix/smtp[13714]: connect to cluster2.eu.messagelabs.com[195.245.231.67]: Connection refused (port 25) Oct 23 09:02:36 localhost postfix/smtp[13708]: connect to cluster2.eu.messagelabs.com[193.109.255.131]: Connection refused (port 25) Oct 23 09:02:36 localhost postfix/qmgr[13699]: DB15DD186: from=<>, size=5438, nrcpt=1 (queue active) Oct 23 09:02:36 localhost postfix/smtp[13710]: connect to cluster2.eu.messagelabs.com[195.245.230.179]: Connection refused (port 25) Oct 23 09:02:36 localhost postfix/qmgr[13699]: 1D6398B789: from=<>, size=4385, nrcpt=1 (queue active) Oct 23 09:02:36 localhost postfix/qmgr[13699]: 60CF52D600: from=<[EMAIL PROTECTED]>, size=2108, nrcpt=50 (queue active) Oct 23 09:02:36 localhost postfix/qmgr[13699]: 194248D2A7: from=<>, size=27838, nrcpt=1 (queue active) Oct 23 09:02:36 localhost postfix/qmgr[13699]: 3835AC379: from=<>, size=9172, nrcpt=1 (queue active) Oct 23 09:02:36 localhost postfix/qmgr[13699]: 1597E8B342: from=<>, size=14778, 

Esto se repite durante unas cuantas paginas,

Responder a