From owner-freebsd-security Tue Apr 25 1:41:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from nic.mmc.net.ge (nic.mmc.net.ge [212.72.145.2]) by hub.freebsd.org (Postfix) with ESMTP id 10E1A37BC70 for ; Tue, 25 Apr 2000 01:41:29 -0700 (PDT) (envelope-from dima@mmc.net.ge) Received: from mmc.net.ge (wondy.mmc.net.ge [212.72.145.9]) by nic.mmc.net.ge (8.9.3/8.9.3) with ESMTP id NAA25189 for ; Tue, 25 Apr 2000 13:48:09 +0500 (GET) Message-ID: <390567C0.AD1ADC3E@mmc.net.ge> Date: Tue, 25 Apr 2000 13:39:12 +0400 From: dima@mmc.net.ge X-Mailer: Mozilla 4.72 [en] (Win98; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: SPAM Problem!! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Someone, claiming to be my mail user (different usernames), sends spam mails to the internet. I have recieved a lot of messages from admins and postmasters of different servers. At the same time I have the following in my mail log, look below. What shall I do to find this spamer, or how can I protect my domain reputation. ------ Apr 25 13:21:07 nic sendmail[24796]: NAA24796: ... User unknown Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com [206.49.34.7] Apr 25 13:21:45 nic sendmail[24801]: NAA24801: ... User unknown Apr 25 13:21:48 nic sendmail[24801]: NAA24801: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176] Apr 25 13:22:28 nic sendmail[24806]: NAA24806: ... User unknown Apr 25 13:22:28 nic sendmail[24806]: NAA24806: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176] Apr 25 13:23:22 nic sendmail[24816]: NAA24816: ... User unknown Apr 25 13:23:23 nic sendmail[24816]: NAA24816: from=<>, size=1922, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=sibelius.demon.co.uk [158.152.83.160] -- Apr 25 13:25:51 nic sendmail[24832]: NAA24832: ... User unknown Apr 25 13:25:53 nic sendmail[24832]: NAA24832: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=praseodumium.btinternet.com [194.73.73.82] -- Apr 25 13:28:17 nic sendmail[24858]: NAA24855: to=, delay=00:00:05, xdelay=00:00:01, mailer=local, stat=Sent Apr 25 13:28:17 nic sendmail[24857]: NAA24857: from=<>, size=7592, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.12.130.44] -- Apr 25 13:31:07 nic sendmail[24901]: NAA24901: ... User unknown Apr 25 13:31:09 nic sendmail[24901]: NAA24901: from=<>, size=7744, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com [204.143.176.5] -- Apr 25 13:32:04 nic sendmail[24915]: NAA24915: ... User unknown Apr 25 13:32:05 nic sendmail[24915]: NAA24915: from=<>, size=7795, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com [204.143.176.5] -- Apr 25 13:33:26 nic sendmail[24928]: NAA24928: ... User unknown Apr 25 13:33:27 nic sendmail[24928]: NAA24928: from=<>, size=2270, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[216.79.19.1] -- Apr 25 13:36:50 nic sendmail[24961]: NAA24956: to=, ctladdr= (1002/0), delay=00:00:27, xdelay=00:00:07, mailer=esmtp, relay=praseodumium.btinternet.com. [194.73.73.82], stat=Sent (OK id=12k0i6-0002NB-00) Apr 25 13:36:56 nic sendmail[24977]: NAA24977: from=<>, size=2670, class=0, pri=32670, nrcpts=1, msgid=, proto=ESMTP, relay=praseodumium.btinternet.com [194.73.73.82] -- Apr 25 13:37:21 nic sendmail[24993]: NAA24993: ... User unknown Apr 25 13:37:21 nic sendmail[24993]: NAA24993: from=<>, size=9338, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=pluto.psn.net [207.211.58.12] Apr 25 13:37:26 nic sendmail[24997]: NAA24997: from=<>, size=2634, class=0, pri=32634, nrcpts=1, msgid=, proto=ESMTP, relay=tungsten.btinternet.com [194.73.73.81] -- Apr 25 13:38:40 nic sendmail[25025]: NAA25025: ... User unknown Apr 25 13:38:41 nic sendmail[25025]: NAA25025: from=<>, size=7925, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[207.104.89.13] -- Apr 25 13:41:54 nic sendmail[25075]: NAA25075: ... User unknown Apr 25 13:41:55 nic sendmail[25075]: NAA25075: from=<>, size=11085, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.xmission.com [198.60.22.22] -- Apr 25 13:42:06 nic sendmail[25079]: NAA25079: ... User unknown Apr 25 13:42:06 nic sendmail[25079]: NAA25079: from=<>, size=6364, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=rmx05.iname.net [165.251.8.203] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message