Date: Tue, 25 Apr 2000 02:35:37 -0700 (PDT) From: "tjk@tksoft.com" <tjk@tksoft.com> To: dima@mmc.net.ge Cc: freebsd-security@FreeBSD.ORG Subject: Re: SPAM Problem!! Message-ID: <200004250935.CAA01507@uno.tksoft.com> In-Reply-To: <390567C0.AD1ADC3E@mmc.net.ge> from "dima@mmc.net.ge" at Apr 25, 0 01:39:12 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Without digging into whose who in the below logs, I can only guess. Anyway, it seems that you either received emails targeted at your server or someone used your mail server as a relay. There isn't much you can do to protect yourself against spam, beyond filtering and blocking abusive IPs. You can limit access to your mail server, so it can't be used to relay emails. You should look into the docs for the version of sendmail you have, and block relaying. If you don't have the docs, look into /etc/sendmail.cf and see which files specify allowed relays. They vary based on the sendmail distribution. E.g. /etc/sendmail.cR, or /etc/mail/ip_allow, name_allow Troy > > Someone, claiming to be my mail user (different usernames), sends spam > mails to the internet. > I have recieved a lot of messages from admins and postmasters of > different servers. > At the same time I have the following in my mail log, look below. > What shall I do to find this spamer, or how can I protect my domain > reputation. > > ------ > Apr 25 13:21:07 nic sendmail[24796]: NAA24796: > <polaris1050racer@mmc.net.ge>... User unknown > Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com > [206.49.34.7] > Apr 25 13:21:45 nic sendmail[24801]: NAA24801: <wjfwilder@mmc.net.ge>... > User unknown > Apr 25 13:21:48 nic sendmail[24801]: NAA24801: from=<>, size=15585, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176] > Apr 25 13:22:28 nic sendmail[24806]: NAA24806: <wjfwilder@mmc.net.ge>... > User unknown > Apr 25 13:22:28 nic sendmail[24806]: NAA24806: from=<>, size=15585, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176] > Apr 25 13:23:22 nic sendmail[24816]: NAA24816: > <paulettej101@mmc.net.ge>... User unknown > Apr 25 13:23:23 nic sendmail[24816]: NAA24816: from=<>, size=1922, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=sibelius.demon.co.uk > [158.152.83.160] > -- > Apr 25 13:25:51 nic sendmail[24832]: NAA24832: <wjfwilder@mmc.net.ge>... > User unknown > Apr 25 13:25:53 nic sendmail[24832]: NAA24832: from=<>, size=15585, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=praseodumium.btinternet.com > [194.73.73.82] > -- > Apr 25 13:28:17 nic sendmail[24858]: NAA24855: to=<galaxy@mmc.net.ge>, > delay=00:00:05, xdelay=00:00:01, mailer=local, stat=Sent > Apr 25 13:28:17 nic sendmail[24857]: NAA24857: from=<>, size=7592, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.12.130.44] > -- > Apr 25 13:31:07 nic sendmail[24901]: NAA24901: <ylddawg@mmc.net.ge>... > User unknown > Apr 25 13:31:09 nic sendmail[24901]: NAA24901: from=<>, size=7744, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com > [204.143.176.5] > -- > Apr 25 13:32:04 nic sendmail[24915]: NAA24915: > <chrisagchustlerz@mmc.net.ge>... User unknown > Apr 25 13:32:05 nic sendmail[24915]: NAA24915: from=<>, size=7795, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com > [204.143.176.5] > -- > Apr 25 13:33:26 nic sendmail[24928]: NAA24928: > <kristiekcuttinup@mmc.net.ge>... User unknown > Apr 25 13:33:27 nic sendmail[24928]: NAA24928: from=<>, size=2270, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[216.79.19.1] > -- > Apr 25 13:36:50 nic sendmail[24961]: NAA24956: > to=<postmaster@praseodumium.btinternet.com>, ctladdr=<zvi@mmc.net.ge> > (1002/0), delay=00:00:27, xdelay=00:00:07, mailer=esmtp, > relay=praseodumium.btinternet.com. [194.73.73.82], stat=Sent (OK > id=12k0i6-0002NB-00) > Apr 25 13:36:56 nic sendmail[24977]: NAA24977: from=<>, size=2670, > class=0, pri=32670, nrcpts=1, > msgid=<E12k0i9-0002Pl-00@praseodumium.btinternet.com>, proto=ESMTP, > relay=praseodumium.btinternet.com [194.73.73.82] > -- > Apr 25 13:37:21 nic sendmail[24993]: NAA24993: > <polaris1050racer@mmc.net.ge>... User unknown > Apr 25 13:37:21 nic sendmail[24993]: NAA24993: from=<>, size=9338, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=pluto.psn.net > [207.211.58.12] > Apr 25 13:37:26 nic sendmail[24997]: NAA24997: from=<>, size=2634, > class=0, pri=32634, nrcpts=1, > msgid=<E12k0jX-0003qj-00@tungsten.btinternet.com>, proto=ESMTP, > relay=tungsten.btinternet.com [194.73.73.81] > -- > Apr 25 13:38:40 nic sendmail[25025]: NAA25025: <shyvoneav@mmc.net.ge>... > User unknown > Apr 25 13:38:41 nic sendmail[25025]: NAA25025: from=<>, size=7925, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[207.104.89.13] > -- > Apr 25 13:41:54 nic sendmail[25075]: NAA25075: <aeronca@mmc.net.ge>... > User unknown > Apr 25 13:41:55 nic sendmail[25075]: NAA25075: from=<>, size=11085, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.xmission.com > [198.60.22.22] > -- > Apr 25 13:42:06 nic sendmail[25079]: NAA25079: <kayla66@mmc.net.ge>... > User unknown > Apr 25 13:42:06 nic sendmail[25079]: NAA25079: from=<>, size=6364, > class=0, pri=0, nrcpts=0, proto=ESMTP, relay=rmx05.iname.net > [165.251.8.203] > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004250935.CAA01507>