Date:      Tue, 18 Mar 2003 10:16:27 -0800
From:      K Anderson <freebsduser@attbi.com>
To:        lists@3bags.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: rejected mail hosts?
Message-ID:  <3E77627B.7020108@attbi.com>
References:  <001c01c2ed56$c737f9e0$aeb423cf@3bagsmedia>


Phillip Smith (mailing list) wrote:
> I've started getting a seemingly large amount of these... last week it
> was one or two a day, now this:
> 
> Should I be concerned?
> 
> Checking for rejected mail hosts:
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
I get some of those messages as well from time to time. Those come from
someone trying to use your email server as a relay. Probably some
spammer. If you check your /var/log/maillog (you might need to check the
gzipped maillog.?.gz files as well) by either grepping or zgrepping for
the pattern "baptistmail" (use zgrep if you're looking into one of the
maillog.?.gz files), then when it finds it, it should say Relay denied
or something close to that. Now for the neat part. Within that is the
actual address of the host that tried to connect and perpetrate the
attempt at spamming and making you look like the person sending it, or
at least pretty close to sending it. Gotta be careful because that's how
you get your IP address on some of those blackhole lists and soon
nobody, if they subscribe to one of those services, will be able to send
you email.

If your grepping does actually turn up something, then you find out whose
ISP or network has ownership of the host and send them an email with the
log entries; be sure to include your time zone (uunet for instance wants
to know these things). My last experience actually was from UU net. One
of their users was, well you know, trying to use my sendmail as a relay.
If they all come from the same host, or not, then maybe create a
firewall rule to block them from your SMTP port. I would suggest telling
you to set sendmail up to do the work but they will keep trying,
actually they will keep trying anyway so you might as well firewall them.

Now you're probably wondering, how did you get some spammer to find this
out? Probably the usual means: port scanning, posting to the web,
posting to mail/news lists. If your email is sent through your sendmail,
perhaps your IP address has been harvested.

So yes, pat your sendmail on the back.

Happy hunting and HTH.
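
Added example, not part of the original message: a shell function that does the grep/zgrep step described above across current and rotated logs and counts refused relay attempts per connecting host. It assumes sendmail 8.x `ruleset=check_rcpt ... relay=..., reject=... Relaying denied` log lines; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count refused relay attempts per connecting host.
# Assumed log format: sendmail 8.x "relay=..., reject=... Relaying denied" lines.

# relay_rejects FILE...  -> prints "COUNT RELAY" lines, busiest host first.
relay_rejects() {
    for f in "$@"; do
        case "$f" in
            *.gz) gzip -dc "$f" ;;   # rotated logs, what zgrep would read
            *)    cat "$f" ;;
        esac
    done |
    grep -i 'reject=.*relaying denied' |       # only refused relay attempts
    sed -n 's/.*relay=\([^,]*\),.*/\1/p' |     # keep the relay= field
    sort | uniq -c | sort -rn | sed 's/^ *//'
}

# make_sample_logs DIR -> writes constructed sample logs (documentation IP ranges).
make_sample_logs() {
    cat > "$1/maillog" <<'EOF'
Mar 18 02:11:09 mx sm-mta[4021]: h2IAB9aa004021: ruleset=check_rcpt, arg1=<a@baptistmail.com>, relay=[203.0.113.45], reject=550 5.7.1 <a@baptistmail.com>... Relaying denied
Mar 18 02:11:12 mx sm-mta[4021]: h2IABCaa004021: ruleset=check_rcpt, arg1=<b@mail.com>, relay=[203.0.113.45], reject=550 5.7.1 <b@mail.com>... Relaying denied
Mar 18 04:30:55 mx sm-mta[4077]: h2ICUtaa004077: ruleset=check_rcpt, arg1=<c@yahoo.com>, relay=dialup7.example.net [198.51.100.9], reject=550 5.7.1 <c@yahoo.com>... Relaying denied
Mar 18 09:00:01 mx sm-mta[4100]: h2IH01aa004100: from=<x@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.10]
EOF
    gzip -c > "$1/maillog.0.gz" <<'EOF'
Mar 17 23:48:30 mx sm-mta[3990]: h2I7mUaa003990: ruleset=check_rcpt, arg1=<d@21cn.com>, relay=[203.0.113.45], reject=550 5.7.1 <d@21cn.com>... Relaying denied
EOF
}

# Demo on the constructed logs; on a real host pass /var/log/maillog* instead.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
relay_rejects "$demo_dir/maillog" "$demo_dir/maillog.0.gz"
rm -rf "$demo_dir"
```

The normal delivery line in the sample also carries a `relay=` field but is not counted, because only lines with a `reject=` relaying refusal are kept.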

