From owner-freebsd-security Tue Apr 25 2:34:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from as.tksoft.com (gyw.com [209.55.67.177]) by hub.freebsd.org (Postfix) with ESMTP id 14B0037B5E9 for ; Tue, 25 Apr 2000 02:34:06 -0700 (PDT) (envelope-from tjk@tksoft.com)
Received: (from tjk@tksoft.com) by uno.tksoft.com (8.8.8/8.8.8) id CAA01507; Tue, 25 Apr 2000 02:35:37 -0700
From: "tjk@tksoft.com"
Message-Id: <200004250935.CAA01507@uno.tksoft.com>
Subject: Re: SPAM Problem!!
To: dima@mmc.net.ge
Date: Tue, 25 Apr 2000 02:35:37 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <390567C0.AD1ADC3E@mmc.net.ge> from "dima@mmc.net.ge" at Apr 25, 0 01:39:12 pm
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Without digging into who's who in the below logs, I can only guess.

Anyway, it seems that you either received emails targeted at your server
or someone used your mail server as a relay.

There isn't much you can do to protect yourself against spam, beyond
filtering and blocking abusive IPs. You can limit access to your mail
server, so it can't be used to relay emails.

You should look into the docs for the version of sendmail you have, and
block relaying. If you don't have the docs, look into /etc/sendmail.cf
and see which files specify allowed relays. They vary based on the
sendmail distribution.

E.g. /etc/sendmail.cR, or /etc/mail/ip_allow, name_allow

Troy

>
> Someone, claiming to be my mail user (different usernames), sends spam
> mails to the internet.
> I have received a lot of messages from admins and postmasters of
> different servers.
> At the same time I have the following in my mail log, look below.
> What shall I do to find this spammer, or how can I protect my domain
> reputation.
>
> ------
> Apr 25 13:21:07 nic sendmail[24796]: NAA24796:
> ... User unknown
> Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com
> [206.49.34.7]
> Apr 25 13:21:45 nic sendmail[24801]: NAA24801: ...
> User unknown
> Apr 25 13:21:48 nic sendmail[24801]: NAA24801: from=<>, size=15585,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176]
> Apr 25 13:22:28 nic sendmail[24806]: NAA24806: ...
> User unknown
> Apr 25 13:22:28 nic sendmail[24806]: NAA24806: from=<>, size=15585,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176]
> Apr 25 13:23:22 nic sendmail[24816]: NAA24816:
> ... User unknown
> Apr 25 13:23:23 nic sendmail[24816]: NAA24816: from=<>, size=1922,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=sibelius.demon.co.uk
> [158.152.83.160]
> --
> Apr 25 13:25:51 nic sendmail[24832]: NAA24832: ...
> User unknown
> Apr 25 13:25:53 nic sendmail[24832]: NAA24832: from=<>, size=15585,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=praseodumium.btinternet.com
> [194.73.73.82]
> --
> Apr 25 13:28:17 nic sendmail[24858]: NAA24855: to=,
> delay=00:00:05, xdelay=00:00:01, mailer=local, stat=Sent
> Apr 25 13:28:17 nic sendmail[24857]: NAA24857: from=<>, size=7592,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.12.130.44]
> --
> Apr 25 13:31:07 nic sendmail[24901]: NAA24901: ...
> User unknown
> Apr 25 13:31:09 nic sendmail[24901]: NAA24901: from=<>, size=7744,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com
> [204.143.176.5]
> --
> Apr 25 13:32:04 nic sendmail[24915]: NAA24915:
> ... User unknown
> Apr 25 13:32:05 nic sendmail[24915]: NAA24915: from=<>, size=7795,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com
> [204.143.176.5]
> --
> Apr 25 13:33:26 nic sendmail[24928]: NAA24928:
> ... User unknown
> Apr 25 13:33:27 nic sendmail[24928]: NAA24928: from=<>, size=2270,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[216.79.19.1]
> --
> Apr 25 13:36:50 nic sendmail[24961]: NAA24956:
> to=, ctladdr=
> (1002/0), delay=00:00:27, xdelay=00:00:07, mailer=esmtp,
> relay=praseodumium.btinternet.com. [194.73.73.82], stat=Sent (OK
> id=12k0i6-0002NB-00)
> Apr 25 13:36:56 nic sendmail[24977]: NAA24977: from=<>, size=2670,
> class=0, pri=32670, nrcpts=1,
> msgid=, proto=ESMTP,
> relay=praseodumium.btinternet.com [194.73.73.82]
> --
> Apr 25 13:37:21 nic sendmail[24993]: NAA24993:
> ... User unknown
> Apr 25 13:37:21 nic sendmail[24993]: NAA24993: from=<>, size=9338,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=pluto.psn.net
> [207.211.58.12]
> Apr 25 13:37:26 nic sendmail[24997]: NAA24997: from=<>, size=2634,
> class=0, pri=32634, nrcpts=1,
> msgid=, proto=ESMTP,
> relay=tungsten.btinternet.com [194.73.73.81]
> --
> Apr 25 13:38:40 nic sendmail[25025]: NAA25025: ...
> User unknown
> Apr 25 13:38:41 nic sendmail[25025]: NAA25025: from=<>, size=7925,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[207.104.89.13]
> --
> Apr 25 13:41:54 nic sendmail[25075]: NAA25075: ...
> User unknown
> Apr 25 13:41:55 nic sendmail[25075]: NAA25075: from=<>, size=11085,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.xmission.com
> [198.60.22.22]
> --
> Apr 25 13:42:06 nic sendmail[25079]: NAA25079: ...
> User unknown
> Apr 25 13:42:06 nic sendmail[25079]: NAA25079: from=<>, size=6364,
> class=0, pri=0, nrcpts=0, proto=ESMTP, relay=rmx05.iname.net
> [165.251.8.203]
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
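
Added example (not part of the original message, and not sendmail's own code): a Python script that separates the two cases named in the reply, reading sendmail log lines in the format quoted above. It counts null-sender (from=<>) messages that had no accepted recipient, per sending host, and lists queue IDs that arrived from outside LOCAL_NETS and were delivered onward by the esmtp mailer, which is how third-party relaying shows up in this log. The log lines, host names, addresses and the LOCAL_NETS value are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sendmail syslog format quoted in the thread.
# Hosts and addresses are documentation placeholders, not taken from the page.
SAMPLE_LOG = """\
Apr 25 13:21:08 nic sendmail[100]: NAA00100: from=<>, size=8645, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mx1.example.net [198.51.100.7]
Apr 25 13:21:48 nic sendmail[101]: NAA00101: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[198.51.100.176]
Apr 25 13:22:28 nic sendmail[102]: NAA00102: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[198.51.100.176]
Apr 25 13:30:01 nic sendmail[103]: NAA00103: from=<alice@example.org>, size=700, class=0, pri=30700, nrcpts=1, proto=ESMTP, relay=[192.0.2.20]
Apr 25 13:30:02 nic sendmail[104]: NAA00103: to=<bob@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mx.example.com. [203.0.113.82], stat=Sent (OK)
Apr 25 13:40:02 nic sendmail[105]: NAA00104: from=<x@example.net>, size=900, class=0, pri=30900, nrcpts=1, proto=SMTP, relay=[203.0.113.9]
Apr 25 13:40:03 nic sendmail[106]: NAA00104: to=<y@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mx.example.com. [203.0.113.82], stat=Sent (OK)
"""

# Assumption: the networks whose clients are allowed to send mail out through this server.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")   # queue ID, then the key=value fields
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")        # one key=value pair
IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")          # bracketed peer address in relay=

def analyze(log, local_nets=LOCAL_NETS):
    """Return (rejected bounces per sending host, [(qid, source_ip, recipient)] relayed)."""
    senders, bounces, relayed = {}, Counter(), []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, f = m.group(1), dict(FIELD.findall(m.group(2)))
        ip = IP.search(f.get("relay", ""))
        if "from" in f:                               # message-received record
            senders[qid] = ip.group(1) if ip else None
            if f["from"] == "<>" and f.get("nrcpts") == "0":
                bounces[ip.group(1) if ip else f.get("relay")] += 1
        elif f.get("mailer") == "esmtp" and f.get("stat", "").startswith("Sent"):
            src = senders.get(qid)                    # where this queue ID came from
            if src and not any(ipaddress.ip_address(src) in n for n in local_nets):
                relayed.append((qid, src, f["to"]))
    return bounces, relayed

if __name__ == "__main__":
    bounces, relayed = analyze(SAMPLE_LOG)
    print("rejected bounces per host:", dict(bounces))
    print("relayed for outside hosts:", relayed)
```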