On Tue, 2010-06-08 at 17:53 -0500, Lindsay Haisley wrote: > I just checked my mail logs and find a very large number of attempted > deliveries from the list to various users @gamblingplanet.org. e.g., > > Jun 8 17:27:52 kali courierd: > started,id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet....@autoharp.org>,module=esmtp,host=gamblingplanet.org,addr=<[email protected]> > Jun 8 17:28:52 kali courieresmtp: > id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet....@autoharp.org>,addr=<[email protected]>: > Connection timed out > Jun 8 17:28:52 kali courieresmtp: > id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet....@autoharp.org>,addr=<[email protected]>,status: > deferred > > There are no addresses @gamblingplanet.org on the cyberpluckers list! > Has the list server been hacked? What could be going on here? I'm not > seeing any incoming probes which would generate a list DSN or NDR.
I'm also seeing this associated with other lists on the same server. Somehow my list server is being used as a kind of open relay, which is strictly denied by the mail server on which it rides. There are other obvious spam domains involved, e.g. qq.com.cn and clubmediterra.ru. -- Lindsay Haisley | "Everything works if you let it" FMP Computer Services | 512-259-1190 | - The Roadie http://www.fmp.com | ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
