Re: Help Attack!!

Fri, 26 Sep 2003 11:40:51 -0700 

On 09/26/03 at 14:17 -0400, Leonard Spell opined:

> I checked the files as you suggested.  There is a file with a hugh list 
> of email addresses and immediately following it there will be 30 or 40 
> [EMAIL PROTECTED]  It appears these are bounces from the server that the first 
> email was trying to access.

Someone is trying to relay a message with a long recipient list (think
spam) through your server and the destination server(s) is (are) not
accepting it.

> I am enclosing pieces of the log if someone could help me determine
> this. The address they are trying to reach in this case is
> compunet2.com from ice.is and then several null emails back to my
> server.  The adrian69 address is one of a 100 addresses in the header
> of the email.
> 
> Leonard
> 
> 13:44:32 3 SMTP-223(compunet2.com) Failed to connect to 
> [192.168.0.1:25]. reason=60
> 13:44:32 3 SMTP-223(compunet2.com) No relay address is accessable. 
> Error Code=-25010

SIMS can't connect to the MX for compunet2.com (mail.compunet2.com).

> 13:44:32 3 SMTP [S.0000402712] dequeueing
> 13:44:32 1 SYSTEM(SMTP) [S.0000402712] failed on 
> (compunet2.com)adrian69. Error Code=-25010
> 13:44:32 2 SYSTEM [S.0000402760] 
> <[EMAIL PROTECTED]> 1+0 From:[EMAIL PROTECTED]
> 13:44:33 1 SYSTEM(SMTP) [S.0000402760] failed on (ice.is)dvbse. Error 
> Code=-15004
> 13:44:33 0 SYSTEM Return Receipt failed: headers are too long

Do you know anyone in Iceland (.is) and are they allowed to relay through
your server? If not, you should double-check your relay settings. If you
are unintentionally relaying arbitrary messages, you _will_ end up on
blacklists. Also, if you never expect to receive legitimate mail from .is
addresses, you might consider routing *.is to error. BTW, the sender
address here, [EMAIL PROTECTED], is quite possibly forged; I'd also look at the
IP address that the relay came from and strongly consider blacklisting it.

-- 
                   Christopher Bort | [EMAIL PROTECTED]
            Webmaster, Global Homes | [EMAIL PROTECTED]
                      <http://www.globalhomes.com/>

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>

Reply via email to