From owner-freebsd-security Tue Apr 25 12: 2:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
    by hub.freebsd.org (Postfix) with ESMTP id 2B8A737BD4A
    for ; Tue, 25 Apr 2000 12:02:43 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
    by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id NAA27708;
    Tue, 25 Apr 2000 13:02:22 -0600 (MDT)
Message-Id: <4.3.1.2.20000425125525.00bc8930@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Tue, 25 Apr 2000 13:01:20 -0600
To: dima@mmc.net.ge, freebsd-security@FreeBSD.ORG
From: Brett Glass
Subject: Re: SPAM Problem!!
In-Reply-To: <390567C0.AD1ADC3E@mmc.net.ge>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

First of all, make sure that your server ISN'T the problem. Are you
running the latest version of Sendmail? Are the anti-spamming and
anti-relaying provisions in place? If you are an open relay, you may
be getting complaints.

Or it could be that you are being used as a multi-level relay -- that
is, if people are sending spam to one of your machines, which is
relaying it to another of your machines, which is then relaying it to
the Net. If you can get samples of the spam, you can see.

If your domain is simply being used in forged "from" addresses, find
some of the spam and complain to the ISP that's letting the spammer
send it. You have a legal cause of action if they don't kick the
spammer off their net. (AOL has won several cases against spammers
who used spoofed AOL "from" addresses, and has prodded quite a few
ISPs to take action against such spammers.)

--Brett Glass

At 03:39 AM 4/25/2000, dima@mmc.net.ge wrote:

>Someone, claiming to be my mail user (different usernames), sends spam
>mails to the internet.
>I have received a lot of messages from admins and postmasters of
>different servers.
>At the same time I have the following in my mail log, look below.
>What shall I do to find this spammer, or how can I protect my domain
>reputation.
>
>------
>Apr 25 13:21:07 nic sendmail[24796]: NAA24796:
>... User unknown
>Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com
>[206.49.34.7]
>Apr 25 13:21:45 nic sendmail[24801]: NAA24801: ...
>User unknown
>Apr 25 13:21:48 nic sendmail[24801]: NAA24801: from=<>, size=15585,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176]
>Apr 25 13:22:28 nic sendmail[24806]: NAA24806: ...
>User unknown
>Apr 25 13:22:28 nic sendmail[24806]: NAA24806: from=<>, size=15585,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176]
>Apr 25 13:23:22 nic sendmail[24816]: NAA24816:
>... User unknown
>Apr 25 13:23:23 nic sendmail[24816]: NAA24816: from=<>, size=1922,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=sibelius.demon.co.uk
>[158.152.83.160]
>--
>Apr 25 13:25:51 nic sendmail[24832]: NAA24832: ...
>User unknown
>Apr 25 13:25:53 nic sendmail[24832]: NAA24832: from=<>, size=15585,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=praseodumium.btinternet.com
>[194.73.73.82]
>--
>Apr 25 13:28:17 nic sendmail[24858]: NAA24855: to=,
>delay=00:00:05, xdelay=00:00:01, mailer=local, stat=Sent
>Apr 25 13:28:17 nic sendmail[24857]: NAA24857: from=<>, size=7592,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.12.130.44]
>--
>Apr 25 13:31:07 nic sendmail[24901]: NAA24901: ...
>User unknown
>Apr 25 13:31:09 nic sendmail[24901]: NAA24901: from=<>, size=7744,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com
>[204.143.176.5]
>--
>Apr 25 13:32:04 nic sendmail[24915]: NAA24915:
>... User unknown
>Apr 25 13:32:05 nic sendmail[24915]: NAA24915: from=<>, size=7795,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com
>[204.143.176.5]
>--
>Apr 25 13:33:26 nic sendmail[24928]: NAA24928:
>... User unknown
>Apr 25 13:33:27 nic sendmail[24928]: NAA24928: from=<>, size=2270,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[216.79.19.1]
>--
>Apr 25 13:36:50 nic sendmail[24961]: NAA24956:
>to=, ctladdr=
>(1002/0), delay=00:00:27, xdelay=00:00:07, mailer=esmtp,
>relay=praseodumium.btinternet.com. [194.73.73.82], stat=Sent (OK
>id=12k0i6-0002NB-00)
>Apr 25 13:36:56 nic sendmail[24977]: NAA24977: from=<>, size=2670,
>class=0, pri=32670, nrcpts=1,
>msgid=, proto=ESMTP,
>relay=praseodumium.btinternet.com [194.73.73.82]
>--
>Apr 25 13:37:21 nic sendmail[24993]: NAA24993:
>... User unknown
>Apr 25 13:37:21 nic sendmail[24993]: NAA24993: from=<>, size=9338,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=pluto.psn.net
>[207.211.58.12]
>Apr 25 13:37:26 nic sendmail[24997]: NAA24997: from=<>, size=2634,
>class=0, pri=32634, nrcpts=1,
>msgid=, proto=ESMTP,
>relay=tungsten.btinternet.com [194.73.73.81]
>--
>Apr 25 13:38:40 nic sendmail[25025]: NAA25025: ...
>User unknown
>Apr 25 13:38:41 nic sendmail[25025]: NAA25025: from=<>, size=7925,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[207.104.89.13]
>--
>Apr 25 13:41:54 nic sendmail[25075]: NAA25075: ...
>User unknown
>Apr 25 13:41:55 nic sendmail[25075]: NAA25075: from=<>, size=11085,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.xmission.com
>[198.60.22.22]
>--
>Apr 25 13:42:06 nic sendmail[25079]: NAA25079: ...
>User unknown
>Apr 25 13:42:06 nic sendmail[25079]: NAA25079: from=<>, size=6364,
>class=0, pri=0, nrcpts=0, proto=ESMTP, relay=rmx05.iname.net
>[165.251.8.203]
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
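
Added example (not part of either message): a Python script for the triage Brett describes, separating bounces that arrive with a null sender for nonexistent users (the pattern in the quoted log, consistent with forged "from" addresses) from mail accepted from an outside host and delivered off-site (what an open relay would show). The sample log is constructed in the same format with placeholder hosts; classify() and its local_prefixes parameter are names assumed for this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the sendmail log quoted above;
# all hosts and addresses are placeholders (example.* / RFC 5737 ranges).
SAMPLE_LOG = """\
Apr 25 13:21:07 nic sendmail[24796]: NAA24796: <nosuch@example.org>... User unknown
Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mx.example.net [192.0.2.7]
Apr 25 13:22:28 nic sendmail[24806]: NAA24806: <ghost@example.org>... User unknown
Apr 25 13:22:28 nic sendmail[24806]: NAA24806: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[198.51.100.176]
Apr 25 13:30:01 nic sendmail[24890]: NAA24890: from=<a@example.com>, size=900, class=0, pri=30900, nrcpts=1, proto=ESMTP, relay=[203.0.113.9]
Apr 25 13:30:04 nic sendmail[24892]: NAA24890: to=<b@example.net>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.7], stat=Sent (OK)
Apr 25 13:31:00 nic sendmail[24900]: NAA24900: from=<c@example.com>, size=700, class=0, pri=30700, nrcpts=1, proto=ESMTP, relay=[203.0.113.9]
Apr 25 13:31:02 nic sendmail[24902]: NAA24900: to=<user@example.org>, delay=00:00:02, xdelay=00:00:01, mailer=local, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")

def classify(log_text, local_prefixes=("10.", "127.")):
    """Return (bounce count per sending IP, queue IDs that look relayed)."""
    unknown, origin, bounces, relayed = set(), {}, Counter(), []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        if rest.endswith("User unknown"):
            unknown.add(qid)
        elif rest.startswith("from="):
            ip = IP.search(rest.rsplit("relay=", 1)[-1])
            origin[qid] = src = ip.group(1) if ip else None
            # Null sender plus a rejected recipient: a bounce aimed at a
            # mailbox that does not exist here (forged-sender backscatter).
            if rest.startswith("from=<>,") and qid in unknown:
                bounces[src or "no-ip"] += 1
        elif rest.startswith("to=") and "mailer=esmtp" in rest and "stat=Sent" in rest:
            # Accepted from a non-local host, then delivered off-site:
            # a relay candidate (alias/.forward forwarding logs the same way).
            src = origin.get(qid)
            if src and not src.startswith(local_prefixes):
                relayed.append(qid)
    return bounces, relayed
```

Many bounces and no relay candidates point to forged sender addresses rather than a relaying server; set local_prefixes to your own networks before reading anything into the relay list.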