Just to point out something not yet considered, it is very possible that
a spammer is just using an address at your domain. Admittedly, I only
skimmed the message/error, but this sort of thing happens to me all the
time, daily at least. No security issue, there isn't even a mail server
for "them" to use as a relay that is mine, just an address.
On Wed, 2004-08-11 at 16:10, Bill Wesson wrote:
> Note: Westerneng.com is a domain on our server.
> carol@westerneng.com is a non-existent user.
> Part of the message is as follows:
>
> **********************************************
> ** THIS IS A WARNING MESSAGE ONLY **
> ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
> **********************************************
>
> The original message was received at Wed, 4 Aug 2004 17:25:03 -0700 from
> [65.182.130.29]
>
> ----- Transcript of session follows ----- ... while talking to
> payson.visionengravers.com:
> >>> MAIL From:<Bain@123-stock.info> SIZE=1577
> <<< 451 4.1.8 Domain of sender address Bain@123-stock.info does not resolve
> <carol@westerneng.com>... Deferred: 451 4.1.8 Domain of sender address
> Bain@123-stock.info does not resolve
> Warning: message still undelivered after 4 hours Will keep trying until
> message is 5 days old
>
> +++++++++++++++++++++
>
> Here is the text from maillog. The one that has me concerned is to
> Bain@123-stock.info.
>
> Aug 9 22:53:30 payson sendmail[22510]: i75547IJ006693:
> to=<Bain@123-stock.info>, delay=5+00:48:43, xdelay=00:00:22, mailer=esmtp,
> pri=10652601, relay=mail.senderservices.info. [65.59.208.76], dsn=4.0.0,
> stat=Deferred: 421 SMTP service not available, closing transmission channel
> Aug 9 22:53:31 payson sendmail[22510]: i75547IJ006693: i7A5qnhx022510:
> return to sender: Cannot send message for 5 days
> Aug 9 22:53:31 payson sendmail[22510]: i7A5qnhx022510: to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=34654, dsn=2.0.0,
> stat=Sent
>
> Thanks,
> --Bill
>
> On Wed, 11 Aug 2004, Bill Wesson wrote:
>
> > I have a message from Postmaster Notify on my Sendmail server that I'm not
> > quite sure about. It appears someone has successfully relayed. We have
> SMTP
> > authorization set, so a password may have been guessed. Would anyone be
> able
> > to take a look at the message to see if my guess is correct? I can forward
> > the message to you off list.
>
> Post to this list the few lines from your mail logs that correspond with
> this related message.
>
> > Also, are there any good automatic relay-block testers not affiliated with
> a
> > RBL that can deliver accurate information?
>
> Have a look at the relay checker tools linked from
> http://spamlinks.openrbl.org/tools-relay.htm
>
>
> Jeremy C. Reed
>
> BSD News, BSD tutorials, BSD links
> http://www.bsdnewsletter.com/
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
Bryce C <
Plug@BryceCo.Net>
CoBryce Communications
(text/plain)
