
again.. how to stop spam relaying?



We just got 'replay spammed' again.. Some loser is using us to relay to
mcimail.com.
How can I stop this???? This ties up our mail system for hours on end.
This guy tries to pump about 10000 mail messages every few days through
us.

> -----Original Message-----
> From:	Paquette, Trevor [SMTP:TrevorPaquette@mcc.net]
> Sent:	Monday, January 26, 1998 9:15 AM
> To:	'zmailer@nic.funet.fi'
> Subject:	how to stop spam relaying?
> 
> Using 2.99.49p9 patch 1, I have set up some anti-spamming rules in my
> smtp-policy files, but it looks like someone was actually able to use
> my system as a spam relay:
> 
> Here are the logs:
> 
> 3049#   connection from usr1-dialup51.mix1.Bloomington.mci.net ident:TIMEDOUT [port 1087]
> 3049w   220 gate ZMailer Server 2.99.49p8 #1 ESMTP+IDENT ready at Sat,24 Jan 1998 15:22:45 -0700
> 3049#   remote from [166.55.19.51]
> 3049r   HELO ccweb.ccweb.com
> 3049w   250 gate.mcc.net expected "HELO usr1-dialup51.mix1.Bloomington.mci.net"
> 3049r   RSET
> 3049w   250 2.0.0 Ok
> 3049r   MAIL FROM:<guhio71@msn.com>
> 3049w   250 2.1.0 Sender syntax Ok
> 3049r   RCPT TO:<2001199@mcimail.com>
> 3049w   250 2.1.5 Recipient address syntax Ok
> 3049r   RCPT TO:<2001198@mcimail.com>
> 3049w   250 2.1.5 Recipient address syntax Ok
> 3049r   RCPT TO:<2001197@mcimail.com>
> .....
> .....
> .....
> .....
> 3049r   RCPT TO:<2001101@mcimail.com>
> 3049w   250 2.1.5 Recipient address syntax Ok
> 3049r   RCPT TO:<2001100@mcimail.com>
> 3049w   250 2.1.5 Recipient address syntax Ok
> 3049r   DATA
> 3049w   354 Start mail input; end with <CRLF>.<CRLF>
> 3049w   250 2.6.0 S.omabe421802 message accepted
> 3049#   S.omabe421802: 6960 bytes
> 3049r   QUIT
> 3049w   221 2.0.0 gate.mcc.net Out
> 
> I have set up the following files to try to stop this:
> 
> smtp-policy.relay:
> (List of IPs that can use us as an outgoing smtp relay)
> 
> smtp-policy.mx:
> (all of the domains that we are the mail exchanger for)
> 
> I then run $ZMAILER/bin/policy-builder.sh to create the database files,
> and the policydb parameter in smtpserver.conf is set to:
> 
> PARAM  policydb   ndbm  /apps/zmailer/db/smtp-policy
> 
> According to the contents of the above files, what happened in the logs
> above, should never have happened.
> Am I missing something obvious?
> 
> --
> 
> Trevor Paquette              | MetroNet Solutions |Work:(403)543-2355
> TrevorPaquette@mcc.net       |4300, 150 6th Ave SW| Fax:(403)543-2854
> http://www.mcc.net           |Calgary, AB, Canada |ICBM:51'03"N/114'05"W
> Senior Unix Network Architect|       T2P 4K9      |Mind:In the Rockies
>
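
A detection pass over logs in the format quoted above, as an added example that is not part of the original message or of ZMailer: it flags sessions in which a client outside the relay list had a RCPT TO for a non-local domain accepted. The 192.0.2.0/24 network, the local-domain set and the sample lines are constructed assumptions, since the post does not show the contents of its policy files.

```python
import ipaddress
import re

# Assumed policy contents (the post does not list them); constructed placeholders.
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # stand-in for smtp-policy.relay
LOCAL_DOMAINS = {"mcc.net"}                           # stand-in for smtp-policy.mx

# Constructed sample in the shape of the smtpserver log quoted above.
SAMPLE_LOG = """\
3049#   remote from [166.55.19.51]
3049r   MAIL FROM:<guhio71@msn.com>
3049w   250 2.1.0 Sender syntax Ok
3049r   RCPT TO:<2001199@mcimail.com>
3049w   250 2.1.5 Recipient address syntax Ok
3049r   RCPT TO:<2001198@mcimail.com>
3049w   250 2.1.5 Recipient address syntax Ok
3050#   remote from [192.0.2.17]
3050r   RCPT TO:<someone@example.org>
3050w   250 2.1.5 Recipient address syntax Ok
3051#   remote from [198.51.100.9]
3051r   RCPT TO:<postmaster@mcc.net>
3051w   250 2.1.5 Recipient address syntax Ok
"""

LINE = re.compile(r"^(\d+)([#rw])\s+(.*)$")          # session id, direction, text
REMOTE = re.compile(r"remote from \[([0-9.]+)\]")
RCPT = re.compile(r"RCPT TO:<[^>]*@([^>]+)>", re.I)

def find_relayed(log_text):
    """Map session id -> (client IP, accepted non-local domains) for untrusted clients."""
    ip_of, pending, hits = {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        sid, kind, rest = m.groups()
        if kind == "#" and (r := REMOTE.search(rest)):
            ip_of[sid] = ipaddress.ip_address(r.group(1))
        elif kind == "r":  # remember a recipient domain only for RCPT commands
            pending[sid] = r.group(1).lower() if (r := RCPT.match(rest)) else None
        elif kind == "w" and pending.get(sid) and rest.startswith("250"):
            domain, ip = pending.pop(sid), ip_of.get(sid)
            trusted = ip is not None and any(ip in net for net in RELAY_NETS)
            if not trusted and domain not in LOCAL_DOMAINS:
                hits.setdefault(sid, []).append(domain)  # neither list permits this
    return {sid: (str(ip_of.get(sid)), doms) for sid, doms in hits.items()}

if __name__ == "__main__":
    print(find_relayed(SAMPLE_LOG))
```

Any session this reports is one the server accepted although neither the relay list nor the MX list covers it, which is the condition the log in the message shows.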