[BlueOnyx:01524] Re: Spammers
Ralf Quint
Smoothwall at gmx.net
Sun Jun 28 15:55:49 -05 2009
At 01:47 PM 6/28/2009, Steve Davis wrote:
>I found an IP in a mqueue file and did a grep to find that IP in the
>maillog. Below is 1 of 12 of those messages. Does not say how the user
>logged in. If they did at all.
>
>Jun 28 05:48:50 raq1 sendmail[23368]: n5SAmkLY023368:
>from=<ifdfgbniiqxlxqhpwl at alibaba.com.cn>, size=1083, class=0, nrcpts=13,
>msgid=<JKKTRSOILLBECPMSEFVT at anime.adsldns.org>, bodytype=8BITMIME, proto=SMTP, daemon=MTA,
>relay=124-11-194-186.dynamic.tfn.net.tw [124.11.194.186]
>
>
>It looks more like this is just an attack on my server, flooding the
>mail queue. I don't see where there have been attempts to hack in, or
>even log in.
>
>How is this possible?
Welcome to the wonderful world of the Internet...
This is a very common scheme these days: more or less randomly (well,
they somehow got the IP addresses of active email servers), bots mainly in
China (PRC and Taiwan) and Korea, as well as in countries like Romania,
Spain and Ukraine, are trying to flood email servers with spam. A very
common kind of spam that most spam filter software/services seem to be
incapable of stopping is those apparently "self-addressed" emails, or
any variation of existing email user or random user names for a
certain domain. The only way, in my experience of the last several
months, is to block the originating subnets on the firewall which you
hopefully have in front of your email server(s)...
Ralf
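
Added example, not part of the original message or of BlueOnyx: a Python sketch that reads sendmail `from=` records like the one quoted above and groups the `relay=` addresses by subnet, so the busiest originating subnets can be reviewed before any firewall rule is written. The function name, the /24 grouping, the threshold and the sample log lines (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# sendmail "from=" record as quoted in the thread: nrcpts=..., relay=host [ip]
FROM_RE = re.compile(
    r"sendmail\[\d+\]: \w+: from=<[^>]*>,.*?nrcpts=(?P<nrcpts>\d+),"
    r".*?relay=(?:\S+ )?\[(?P<ip>[\d.]+)\]"
)

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jun 28 05:48:50 raq1 sendmail[23368]: n5SAmkLY023368: from=<aaa@example.com>, size=1083, class=0, nrcpts=13, msgid=<A1@example.org>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=host-7.dyn.example.net [192.0.2.7]
Jun 28 05:48:52 raq1 sendmail[23370]: n5SAmkLY023368: to=<user@example.com>, delay=00:00:02, mailer=local, pri=31083, dsn=2.0.0, stat=Sent
Jun 28 05:49:10 raq1 sendmail[23381]: n5SAn9LY023381: from=<bbb@example.com>, size=1101, class=0, nrcpts=9, msgid=<A2@example.org>, proto=SMTP, daemon=MTA, relay=host-19.dyn.example.net [192.0.2.19]
Jun 28 05:49:41 raq1 sendmail[23390]: n5SAnfLY023390: from=<ccc@example.com>, size=1090, class=0, nrcpts=11, msgid=<A3@example.org>, proto=SMTP, daemon=MTA, relay=[192.0.2.200]
Jun 28 06:02:03 raq1 sendmail[23412]: n5SB23LY023412: from=<friend@example.net>, size=2450, class=0, nrcpts=1, msgid=<B1@example.net>, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.5]
Jun 28 06:05:00 raq1 sendmail[23420]: n5SB50LY023420: from=<root@raq1.example.com>, size=512, class=0, nrcpts=1, msgid=<C1@raq1.example.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
"""


def subnets_to_review(log_text, prefix=24, min_msgs=3):
    """Group inbound IPv4 messages by relay subnet; return the busiest ones."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # to= delivery lines, or relays logged without [ip]
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log
        if ip.is_loopback:
            continue  # mail handed over by the server itself
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        stats[net]["msgs"] += 1
        stats[net]["rcpts"] += int(m["nrcpts"])
        stats[net]["hosts"].add(str(ip))
    rows = [(n, s["msgs"], s["rcpts"], len(s["hosts"]))
            for n, s in stats.items() if s["msgs"] >= min_msgs]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for net, msgs, rcpts, hosts in subnets_to_review(SAMPLE_LOG):
        print(f"{net}  messages={msgs}  recipients={rcpts}  hosts={hosts}")
```

The result is a review list only: a subnet with many messages, many recipients per message and several distinct hosts matches the pattern described in the thread, while a single legitimate relay such as the constructed `198.51.100.5` entry stays below the threshold.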