OK, that's something... any way we can just blackhole this guy completely? I sent a copy of my config.xml earlier today, email me off list if you missed it. As best as I can tell we have set up James to not allow this. Either (1) we are missing something in the config or (2) the server has been rooted or (3) there is a weakness in James being exploited. If the answer is in 1 or 3 I suspect a lot of people here would like to know it.
Best,
-cwk.

----- Original Message -----
From: "Noel J. Bergman" <[EMAIL PROTECTED]>
To: "James Users List" <server-user@james.apache.org>
Sent: Monday, March 14, 2005 6:14 PM
Subject: RE: Urgent: Spam Backdoor in James?

> Ok, here is your spammer:
>
> Received: from 219-81-145-243.static.tfn.net.tw ([219.81.145.243])
>           by foo-bar.com (JAMES SMTP Server 2.2.0) with SMTP ID 199;
>           Mon, 14 Mar 2005 23:52:17 -0600 (CST)
>
> whom you can find at http://www.openrbl.org/ip/219/81/145/243.htm.
>
> Now the question is why your system thinks that it should be sending mail to
> itself for joymail.com. That domain does not have an MX record, but mail
> should be relayed to:
>
> joymail.com. 43200 IN A 64.235.246.143
>
> as per the RFC. Instead, you appear to be accepting it and sending it to
> yourself. The latter is the problem.
>
> --- Noel
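The routing rule referred to in the quoted reply (a domain with no MX record is delivered to its own address record, RFC 5321 section 5.1), written out as an added example that is not part of the original thread and is not James code. It audits where a message was actually handed off against where that rule says it should go. Only the joymail.com A record and the name foo-bar.com come from the message; the rest of the zone table, `LOCAL_IPS` and the function names are constructed assumptions.

```python
"""Implicit-MX routing audit (added example; zone data is constructed)."""
import ipaddress

# Constructed DNS view: name -> {"MX": [(preference, host)], "A": [ip]}
ZONE = {
    "joymail.com": {"A": ["64.235.246.143"]},   # no MX, as stated in the thread
    "example.org": {"MX": [(20, "mx2.example.org"), (10, "mx1.example.org")]},
    "mx1.example.org": {"A": ["192.0.2.25"]},
    "mx2.example.org": {"A": ["192.0.2.26"]},
}
LOCAL_DOMAINS = {"foo-bar.com"}    # domains this server delivers locally
LOCAL_IPS = {"198.51.100.7"}       # assumed address of the server itself


def next_hops(domain, zone=ZONE):
    """Return [(host, [ips])] in the order delivery should be attempted."""
    domain = domain.lower().rstrip(".")
    rec = zone.get(domain, {})
    mx = sorted(rec.get("MX", []))              # lowest preference value first
    if mx:
        return [(host, zone.get(host, {}).get("A", [])) for _, host in mx]
    if rec.get("A"):                            # no MX: the domain's A is the implicit MX
        return [(domain, rec["A"])]
    return []                                   # nothing to deliver to


def audit(domain, delivered_to_ip, zone=ZONE):
    """Compare the hop a message was handed to with the hop routing requires."""
    domain = domain.lower().rstrip(".")
    if domain in LOCAL_DOMAINS:
        return "local"
    expected = {ip for _, ips in next_hops(domain, zone) for ip in ips}
    if not expected:
        return "undeliverable"
    addr = ipaddress.ip_address(delivered_to_ip)
    if str(addr) in expected:
        return "relayed-correctly"
    if str(addr) in LOCAL_IPS or addr.is_loopback:
        return "self-delivery"    # a remote domain's mail was handed back to this server
    return "unexpected-hop"
```

A "self-delivery" result for a domain outside `LOCAL_DOMAINS` is the symptom described in the reply: the server accepted mail for joymail.com and sent it to itself instead of to 64.235.246.143.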