Date: Tue, 21 Sep 1999 15:26:26 -0400 (EDT)
From: "Mr. K." <bsd@a.servers.aozilla.com>
To: Mike Tancsa <mike@sentex.net>
Cc: security@FreeBSD.ORG
Subject: Re: hackers?
Message-ID: <Pine.BSF.4.10.9909211518030.3358-100000@inbox.org>
In-Reply-To: <3.0.5.32.19990921145047.013e24b0@staff.sentex.ca>

On Tue, 21 Sep 1999, Mike Tancsa wrote:

> At 08:31 PM 9/19/99 -0400, Mr. K. wrote:
> >I've just recently upgraded to sendmail 8.9, as my host was being used as
> >a mail relay. I think I am now under some kind of attack. When I do a ps
> >-x I get the following listings:
> >
>
> They (the spammers) are probably still trying to relay off you. Make sure
> your server is indeed set up to block unauthorized third party relays, and
> then contact AOL and inform them one of their users is trying to abuse your
> resources.
>
> Look through your maillogs and verify they are indeed being rejected.
>

I think I figured out what is happening. The relaying is indeed getting
denied, but unfortunately some of the spammers' software is waiting blindly
for a positive response (and thus keeping a connection until they time out).

My choices seem to be ipfw (which I don't want to do as I don't want to
block all aol users), or somehow getting sendmail to disconnect on a
"relaying denied" (instead of sitting there until they timeout). I can't
figure out how to do the latter (doesn't seem to be possible).

And of course calling AOL and bitching, at least that will feel good if I
can get a bunch of these spammers booted.

Sep 21 15:17:23 a sendmail[3421]: PAA03421: ruleset=check_rcpt, arg1=<tackinq@yahoo.com>, relay=98A89A1C.ipt.aol.com [152.168.154.28], reject=550 <tackinq@yahoo.com>... Relaying denied
Sep 21 15:17:59 a sendmail[1445]: OAA01445: from=bihungstud@aol.net, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=98A7D5DA.ipt.aol.com [152.167.213.218]
Sep 21 15:18:12 a sendmail[3438]: PAA03438: ruleset=check_rcpt, arg1=<tformwoa@yahoo.com>, relay=98CB0B15.ipt.aol.com [152.203.11.21], reject=550 <tformwoa@yahoo.com>... Relaying denied

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
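
Added example, not part of the original message or of sendmail: one way to check the maillog for rejected relay attempts, as suggested in the thread, by tallying "Relaying denied" rejections per relay IP. The function name, the regular expressions and the treatment of a from= line with nrcpts=0 as a session that ended with no accepted recipient are assumptions of this example; the sample input is the three log lines quoted above.

```python
import re
from collections import defaultdict

# Sample input: the three log lines quoted in the message, embedded so this runs offline.
SAMPLE_LOG = """\
Sep 21 15:17:23 a sendmail[3421]: PAA03421: ruleset=check_rcpt, arg1=<tackinq@yahoo.com>, relay=98A89A1C.ipt.aol.com [152.168.154.28], reject=550 <tackinq@yahoo.com>... Relaying denied
Sep 21 15:17:59 a sendmail[1445]: OAA01445: from=bihungstud@aol.net, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=98A7D5DA.ipt.aol.com [152.167.213.218]
Sep 21 15:18:12 a sendmail[3438]: PAA03438: ruleset=check_rcpt, arg1=<tformwoa@yahoo.com>, relay=98CB0B15.ipt.aol.com [152.203.11.21], reject=550 <tformwoa@yahoo.com>... Relaying denied
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)$")
RELAY = re.compile(r"relay=(?P<host>\S+) \[(?P<ip>[\d.]+)\]")
REJECT = re.compile(r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>.*reject=550 .*Relaying denied")
NRCPTS = re.compile(r"\bnrcpts=(?P<n>\d+)")


def summarize(log_text):
    """Return {relay_ip: {host, denied, empty_sessions, rcpts}} for a maillog."""
    stats = defaultdict(lambda: {"host": None, "denied": 0, "empty_sessions": 0, "rcpts": []})
    for raw in log_text.splitlines():
        line = LINE.search(raw)
        relay = RELAY.search(line.group("body")) if line else None
        if not relay:
            continue  # not a sendmail line, or no relay=host [ip] field
        body = line.group("body")
        entry = stats[relay.group("ip")]
        entry["host"] = relay.group("host")
        rejected = REJECT.search(body)
        if rejected:
            # check_rcpt refused the recipient: the relay attempt was blocked
            entry["denied"] += 1
            entry["rcpts"].append(rejected.group("rcpt"))
            continue
        n = NRCPTS.search(body)
        if n and int(n.group("n")) == 0:
            # assumption: a from= line with nrcpts=0 is a session with no accepted recipient
            entry["empty_sessions"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:16} {e['host']:24} denied={e['denied']} empty_sessions={e['empty_sessions']}")
```
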