Spam relay?
in [Sendmail]
|
Prev: Sendmail SmartHost Alternative
Next: Brand Watches Tissot Le Locle T41.1.183.52 Discount, Swiss, Fake
From: Joe Makowiec on 24 Apr 2008 07:16 I received the following email this morning; .com and .org changed to ..invalid: /// Start copied message /// From ???@??? Thu Apr 24 06:23:52 2008 X-Persona: <Antigonish List> Return-Path: <MAILER-DAEMON(a)makowiec.invalid> Received: from spamfilter1.connetik.com ([142.166.135.76]) by makowiec.com (8.14.1/8.13.8) with ESMTP id m3O985v8013761 for <antigonish(a)makowiec.invalid>; Thu, 24 Apr 2008 05:08:16 -0400 MIME-Version: 1.0 From: Connetik Spam Firewall 1 <postmaster(a)connetik.com> Message-Id: <20080424073804.3040.qmail(a)orient> Subject: **Message you sent blocked by our bulk email filter** Content-Type: multipart/report; report-type=delivery-status; charset=utf-8; boundary="----------=_1209028080-22933-63" To: <antigonish(a)makowiec.invalid> Date: Thu, 24 Apr 2008 06:08:00 -0300 (ADT) Your message to: antigonish(a)coastalinns.invalid was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED: Subject: 60% Off All Luxury Designer Shoes & Boots Men & Women Gucci Prada Chanel Reporting-MTA: dns; spamfilter1.connetik.com Received-From-MTA: smtp; spamfilter1.connetik.com ([127.0.0.1]) Arrival-Date: Thu, 24 Apr 2008 06:08:00 -0300 (ADT) Final-Recipient: rfc822; antigonish(a)coastalinns.invalid Action: failed Status: 5.7.1 Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=22933-01-43 Last-Attempt-Date: Thu, 24 Apr 2008 06:08:00 -0300 (ADT) Received: from orient (localhost [127.0.0.1]) by spamfilter1.connetik.com (Spam Firewall) with SMTP id EC0931B84D3 for <antigonish(a)coastalinns.invalid>; Thu, 24 Apr 2008 06:07:58 -0300 (ADT) Received: from orient ([123.236.157.84]) by spamfilter1.connetik.com with SMTP id 7bRoZVvCgMJntF9P for <antigonish(a)coastalinns.invalid>; Thu, 24 Apr 2008 06:07:58 -0300 (ADT) X-Originating-IP: [35.15.2.3] X-Originating-Email: [antigonish(a)coastalinns.invalid] X-Sender: antigonish(a)coastalinns.invalid Message-Id: <20080424073804.3040.qmail(a)orient> To: <antigonish(a)coastalinns.invalid> Subject: 60% Off All Luxury Designer Shoes & Boots Men & Women Gucci Prada Chanel From: <antigonish(a)coastalinns.com> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Date: Thu, 24 Apr 2008 06:07:58 -0300 (ADT) /// End copied message /// The relevant entries from maillog: Apr 24 05:08:07 makowiec sendmail[13762]: ruleset=check_relay, arg1=[123.236.157.84], arg2=127.0.0.11, relay=[123.236.157.84], reject=550 5.7.1 Denied RBL 123.236.157.84 by zen.spamhaus.org Apr 24 05:08:16 makowiec sendmail[13761]: m3O985v8013761: from=<>, size=2481, class=0, nrcpts=1, msgid=<20080424073804.3040.qmail(a)orient>, proto=ESMTP, daemon=MTA, relay=[142.166.135.76] Apr 24 05:08:16 makowiec sendmail[13763]: m3O985v8013761: to=<antigonish(a)makowiec.invalid>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32675, dsn=2.0.0, stat=Sent My home IP is 72.231.x.x; my mailserver is at 64.33.x.x. I didn't receive the original spam; however, the following lines lead me to wonder whether I have an open relay. -- Joe Makowiec http://makowiec.org/ Email: http://makowiec.org/contact/?Joe Usenet Improvement Project: http://improve-usenet.org/
From: John Thompson on 24 Apr 2008 18:06
On 2008-04-24, Joe Makowiec <makowiec(a)invalid.invalid> wrote: > I received the following email this morning; .com and .org changed to > .invalid: > > /// Start copied message /// > From ???@??? Thu Apr 24 06:23:52 2008 > X-Persona: <Antigonish List> > Return-Path: <MAILER-DAEMON(a)makowiec.invalid> > Received: from spamfilter1.connetik.com ([142.166.135.76]) > by makowiec.com (8.14.1/8.13.8) with ESMTP id m3O985v8013761 > for <antigonish(a)makowiec.invalid>; Thu, 24 Apr 2008 05:08:16 -0400 > MIME-Version: 1.0 > From: Connetik Spam Firewall 1 <postmaster(a)connetik.com> > Message-Id: <20080424073804.3040.qmail(a)orient> > Subject: **Message you sent blocked by our bulk email filter** > Content-Type: multipart/report; report-type=delivery-status; > charset=utf-8; > boundary="----------=_1209028080-22933-63" > To: <antigonish(a)makowiec.invalid> > Date: Thu, 24 Apr 2008 06:08:00 -0300 (ADT) > > Your message to: antigonish(a)coastalinns.invalid > was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED: > Subject: 60% Off All Luxury Designer Shoes & Boots Men & Women Gucci Prada Chanel > Reporting-MTA: dns; spamfilter1.connetik.com > Received-From-MTA: smtp; spamfilter1.connetik.com ([127.0.0.1]) > Arrival-Date: Thu, 24 Apr 2008 06:08:00 -0300 (ADT) > > Final-Recipient: rfc822; antigonish(a)coastalinns.invalid > Action: failed > Status: 5.7.1 > Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=22933-01-43 > Last-Attempt-Date: Thu, 24 Apr 2008 06:08:00 -0300 (ADT) > > Received: from orient (localhost [127.0.0.1]) > by spamfilter1.connetik.com (Spam Firewall) with SMTP id EC0931B84D3 > for <antigonish(a)coastalinns.invalid>; Thu, 24 Apr 2008 06:07:58 -0300 (ADT) > Received: from orient ([123.236.157.84]) by spamfilter1.connetik.com with SMTP id 7bRoZVvCgMJntF9P for <antigonish(a)coastalinns.invalid>; Thu, 24 Apr 2008 06:07:58 -0300 (ADT) > X-Originating-IP: [35.15.2.3] > X-Originating-Email: [antigonish(a)coastalinns.invalid] > X-Sender: antigonish(a)coastalinns.invalid > Message-Id: <20080424073804.3040.qmail(a)orient> > To: <antigonish(a)coastalinns.invalid> > Subject: 60% Off All Luxury Designer Shoes & Boots Men & Women Gucci Prada Chanel > From: <antigonish(a)coastalinns.com> > MIME-Version: 1.0 > Content-Type: text/plain; charset="ISO-8859-1" > Content-Transfer-Encoding: 7bit > Date: Thu, 24 Apr 2008 06:07:58 -0300 (ADT) > /// End copied message /// > > The relevant entries from maillog: > > Apr 24 05:08:07 makowiec sendmail[13762]: ruleset=check_relay, arg1=[123.236.157.84], arg2=127.0.0.11, relay=[123.236.157.84], reject=550 5.7.1 Denied RBL 123.236.157.84 by zen.spamhaus.org > Apr 24 05:08:16 makowiec sendmail[13761]: m3O985v8013761: from=<>, size=2481, class=0, nrcpts=1, msgid=<20080424073804.3040.qmail(a)orient>, proto=ESMTP, daemon=MTA, relay=[142.166.135.76] > Apr 24 05:08:16 makowiec sendmail[13763]: m3O985v8013761: to=<antigonish(a)makowiec.invalid>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32675, dsn=2.0.0, stat=Sent > > My home IP is 72.231.x.x; my mailserver is at 64.33.x.x. > > I didn't receive the original spam; however, the following lines lead > me to wonder whether I have an open relay. I don't see your IP in any of the Received: lines. Looks like it's just backscatter from a joe-job operation. There are a number of places that can check your IP for an open relay, just google "Mail relay testing" if you want to check. -- John (john(a)os2.dhs.org) |