Date:      Tue, 25 Apr 2000 15:05:42 -0700 (PDT)
From:      "tjk@tksoft.com" <tjk@tksoft.com>
To:        brett@lariat.org (Brett Glass)
Cc:        dima@mmc.net.ge, freebsd-security@FreeBSD.ORG
Subject:   Re: SPAM Problem!!
Message-ID:  <200004252205.PAA10330@uno.tksoft.com>
In-Reply-To: <4.3.1.2.20000425125525.00bc8930@localhost> from "Brett Glass" at Apr 25, 0 01:01:20 pm

If you set postmaster to receive copies of 
all errors, you will see the bounced emails.

You might not get the full messages, but at least
you will know which systems were involved.

The line in /etc/sendmail.cf is  
O PostMasterCopy=postmaster@yourdomain.com


Troy



> 
> First of all, make sure that your server ISN'T the problem. Are
> you running the latest version of Sendmail? Are the anti-spamming
> and anti-relaying provisions in place? If you are an open relay,
> you may be getting complaints. Or it could be that you are 
> being used as a multi-level relay -- that is, if people are sending 
> spam to one of your machines, which is relaying it to another of your
> machines, which is then relaying it to the Net. If you can get samples
> of the spam, you can see.
> 
> If your domain is simply being used in forged "from" addresses,
> find some of the spam and complain to the ISP that's letting the 
> spammer send it. You have a legal cause of action if they don't kick 
> the spammer off their net. (AOL has won several cases against spammers
> who used spoofed AOL "from" addresses, and has prodded quite a few
> ISPs to take action against such spammers.)
> 
> --Brett Glass
> 
> At 03:39 AM 4/25/2000, dima@mmc.net.ge wrote:
>    
> >Someone, claiming to be my mail user (different usernames), sends spam
> >mails to the internet.
> >I have received a lot of messages from admins and postmasters of
> >different servers.
> >At the same time I have the following in my mail log, look below.
> >What shall I do to find this spammer, or how can I protect my domain
> >reputation.
> >
> >------
> >Apr 25 13:21:07 nic sendmail[24796]: NAA24796:
> ><polaris1050racer@mmc.net.ge>... User unknown
> >Apr 25 13:21:08 nic sendmail[24796]: NAA24796: from=<>, size=8645,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=lisa.ionsys.com
> >[206.49.34.7]
> >Apr 25 13:21:45 nic sendmail[24801]: NAA24801: <wjfwilder@mmc.net.ge>...
> >User unknown
> >Apr 25 13:21:48 nic sendmail[24801]: NAA24801: from=<>, size=15585,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176]
> >Apr 25 13:22:28 nic sendmail[24806]: NAA24806: <wjfwilder@mmc.net.ge>...
> >User unknown
> >Apr 25 13:22:28 nic sendmail[24806]: NAA24806: from=<>, size=15585,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[194.73.73.176]
> >Apr 25 13:23:22 nic sendmail[24816]: NAA24816:
> ><paulettej101@mmc.net.ge>... User unknown
> >Apr 25 13:23:23 nic sendmail[24816]: NAA24816: from=<>, size=1922,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=sibelius.demon.co.uk
> >[158.152.83.160]
> >--
> >Apr 25 13:25:51 nic sendmail[24832]: NAA24832: <wjfwilder@mmc.net.ge>...
> >User unknown
> >Apr 25 13:25:53 nic sendmail[24832]: NAA24832: from=<>, size=15585,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=praseodumium.btinternet.com
> >[194.73.73.82]
> >--
> >Apr 25 13:28:17 nic sendmail[24858]: NAA24855: to=<galaxy@mmc.net.ge>,
> >delay=00:00:05, xdelay=00:00:01, mailer=local, stat=Sent
> >Apr 25 13:28:17 nic sendmail[24857]: NAA24857: from=<>, size=7592,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.12.130.44]
> >--
> >Apr 25 13:31:07 nic sendmail[24901]: NAA24901: <ylddawg@mmc.net.ge>...
> >User unknown
> >Apr 25 13:31:09 nic sendmail[24901]: NAA24901: from=<>, size=7744,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com
> >[204.143.176.5]
> >--
> >Apr 25 13:32:04 nic sendmail[24915]: NAA24915:
> ><chrisagchustlerz@mmc.net.ge>... User unknown
> >Apr 25 13:32:05 nic sendmail[24915]: NAA24915: from=<>, size=7795,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail2.infohouse.com
> >[204.143.176.5]
> >--
> >Apr 25 13:33:26 nic sendmail[24928]: NAA24928:
> ><kristiekcuttinup@mmc.net.ge>... User unknown
> >Apr 25 13:33:27 nic sendmail[24928]: NAA24928: from=<>, size=2270,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[216.79.19.1]
> >--
> >Apr 25 13:36:50 nic sendmail[24961]: NAA24956:
> >to=<postmaster@praseodumium.btinternet.com>, ctladdr=<zvi@mmc.net.ge>
> >(1002/0), delay=00:00:27, xdelay=00:00:07, mailer=esmtp,
> >relay=praseodumium.btinternet.com. [194.73.73.82], stat=Sent (OK
> >id=12k0i6-0002NB-00)
> >Apr 25 13:36:56 nic sendmail[24977]: NAA24977: from=<>, size=2670,
> >class=0, pri=32670, nrcpts=1,
> >msgid=<E12k0i9-0002Pl-00@praseodumium.btinternet.com>, proto=ESMTP,
> >relay=praseodumium.btinternet.com [194.73.73.82]
> >--
> >Apr 25 13:37:21 nic sendmail[24993]: NAA24993:
> ><polaris1050racer@mmc.net.ge>... User unknown
> >Apr 25 13:37:21 nic sendmail[24993]: NAA24993: from=<>, size=9338,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=pluto.psn.net
> >[207.211.58.12]
> >Apr 25 13:37:26 nic sendmail[24997]: NAA24997: from=<>, size=2634,
> >class=0, pri=32634, nrcpts=1,
> >msgid=<E12k0jX-0003qj-00@tungsten.btinternet.com>, proto=ESMTP,
> >relay=tungsten.btinternet.com [194.73.73.81]
> >--
> >Apr 25 13:38:40 nic sendmail[25025]: NAA25025: <shyvoneav@mmc.net.ge>...
> >User unknown
> >Apr 25 13:38:41 nic sendmail[25025]: NAA25025: from=<>, size=7925,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[207.104.89.13]
> >--
> >Apr 25 13:41:54 nic sendmail[25075]: NAA25075: <aeronca@mmc.net.ge>...
> >User unknown
> >Apr 25 13:41:55 nic sendmail[25075]: NAA25075: from=<>, size=11085,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.xmission.com
> >[198.60.22.22]
> >--
> >Apr 25 13:42:06 nic sendmail[25079]: NAA25079: <kayla66@mmc.net.ge>...
> >User unknown
> >Apr 25 13:42:06 nic sendmail[25079]: NAA25079: from=<>, size=6364,
> >class=0, pri=0, nrcpts=0, proto=ESMTP, relay=rmx05.iname.net
> >[165.251.8.203]
> >
> >
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> 
> 
> 
> 
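The systems involved can also be tallied from the mail log itself. The sketch below is an added example, not part of the original e-mail: it pairs each "User unknown" rejection with the null-sender (from=<>) entry that shares its queue ID and counts bounces per relay. The sample log is constructed with placeholder hosts and addresses, and `summarize_backscatter` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the sendmail syslog lines quoted above
# (unwrapped to one entry per line; hosts and addresses are placeholders).
SAMPLE_LOG = """\
Apr 25 13:21:07 mx sendmail[24796]: NAA24796: <forged1@example.org>... User unknown
Apr 25 13:21:08 mx sendmail[24796]: NAA24796: from=<>, size=8645, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mta1.example.net [192.0.2.7]
Apr 25 13:21:45 mx sendmail[24801]: NAA24801: <forged2@example.org>... User unknown
Apr 25 13:21:48 mx sendmail[24801]: NAA24801: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[198.51.100.176]
Apr 25 13:22:28 mx sendmail[24806]: NAA24806: <forged2@example.org>... User unknown
Apr 25 13:22:28 mx sendmail[24806]: NAA24806: from=<>, size=15585, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[198.51.100.176]
Apr 25 13:28:17 mx sendmail[24858]: NAA24855: to=<realuser@example.org>, delay=00:00:05, xdelay=00:00:01, mailer=local, stat=Sent
Apr 25 13:30:02 mx sendmail[24870]: NAA24870: from=<alice@example.com>, size=1200, class=0, pri=31200, nrcpts=1, proto=ESMTP, relay=mail.example.com [203.0.113.9]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
UNKNOWN = re.compile(r"^<(?P<rcpt>[^>]+)>\.\.\. User unknown")
FROM = re.compile(r"^from=<(?P<sender>[^>]*)>.*\brelay=(?P<relay>.+)$")

def summarize_backscatter(log_text):
    """Correlate lines by queue ID; return (bounces per relay, forged addresses per relay)."""
    rejected = defaultdict(list)   # queue ID -> recipients rejected as unknown
    per_relay = Counter()          # relay -> number of bounces it delivered
    forged = defaultdict(set)      # relay -> forged local addresses it bounced to
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        u = UNKNOWN.match(rest)
        if u:
            rejected[qid].append(u["rcpt"].lower())
            continue
        f = FROM.match(rest)
        # A null envelope sender (from=<>) marks a bounce sent by a remote MTA.
        if f and f["sender"] == "" and rejected.get(qid):
            relay = f["relay"].strip()
            per_relay[relay] += 1
            forged[relay].update(rejected[qid])
    return per_relay, forged

if __name__ == "__main__":
    counts, forged = summarize_backscatter(SAMPLE_LOG)
    for relay, n in counts.most_common():
        print(f"{n:3d}  {relay}  forged: {', '.join(sorted(forged[relay]))}")
```

Feed it real log text with each syslog entry on a single line; entries wrapped by a mail client, as in the quoted excerpt, need to be rejoined first.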






