[cobalt-security] Chinese mail relay hacker ?

Fri, 09 Feb 2001 15:52:46 -0800

Title:

while monitoring my logs and RaQ2 OS3 I notice a users attempting to relay from mail.163bj.com (a chinese based webmail service) the logs show that they were able to relay mail however I have since added to mail.163bj.com to reject list, which appears to have stopped it

As my server was only set to relay mail for 127.0.0.1 and domain names that are listed on it. how have they been able to relay??????


Feb  9 17:47:20 dns sendmail[22253]: RAA22253: from=<[EMAIL PROTECTED]>, size=14209, class=0, pri=44209, nrcpts=1, msgid=<005f01c092c0$6c9a46c0$5824873d@saohua>, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 17:48:00 dns sendmail[22259]: RAA22257: [EMAIL PROTECTED], ctladdr=mail (8/12), delay=00:00:38, xdelay=00:00:38, mailer=esmtp, relay=mail.163bj.com. [202.106.196.67], stat=Sent (Message received: [EMAIL PROTECTED])
Feb  9 18:09:07 dns sendmail[22425]: NOQUEUE: Null connection from mail.163bj.com [202.106.196.67]
Feb  9 18:16:57 dns sendmail[22468]: NOQUEUE: Null connection from mail.163bj.com [202.106.196.67]
Feb  9 18:45:20 dns sendmail[22756]: SAA22756: collect: unexpected close on connection from mail.163bj.com, sender=<[EMAIL PROTECTED]>: Error 0
Feb  9 18:45:20 dns sendmail[22756]: SAA22756: from=<[EMAIL PROTECTED]>, size=10896, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 19:30:25 dns sendmail[23332]: TAA23332: collect: unexpected close on connection from mail.163bj.com, sender=<[EMAIL PROTECTED]>: Error 0
Feb  9 19:30:25 dns sendmail[23332]: TAA23332: from=<[EMAIL PROTECTED]>, size=0, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 19:56:15 dns sendmail[23598]: TAA23598: lost input channel from mail.163bj.com [202.106.196.67]
Feb  9 19:56:15 dns sendmail[23598]: TAA23598: from=<[EMAIL PROTECTED]>, size=2323180, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 20:37:31 dns sendmail[24096]: UAA24096: lost input channel from mail.163bj.com [202.106.196.67]
Feb  9 20:37:31 dns sendmail[24096]: UAA24096: from=<[EMAIL PROTECTED]>, size=2323180, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 21:55:55 dns sendmail[24912]: VAA24912: collect: unexpected close on connection from mail.163bj.com, sender=<[EMAIL PROTECTED]>: Error 0
Feb  9 21:55:55 dns sendmail[24912]: VAA24912: from=<[EMAIL PROTECTED]>, size=17855, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 22:20:59 dns sendmail[25311]: WAA25311: lost input channel from mail.163bj.com [202.106.196.67]
Feb  9 22:20:59 dns sendmail[25311]: WAA25311: from=<[EMAIL PROTECTED]>, size=2323180, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 22:44:10 dns sendmail[25504]: WAA25504: collect: unexpected close on connection from mail.163bj.com, sender=<[EMAIL PROTECTED]>: Error 0
Feb  9 22:44:10 dns sendmail[25504]: WAA25504: from=<[EMAIL PROTECTED]>, size=10896, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 23:09:50 dns sendmail[25838]: XAA25838: lost input channel from mail.163bj.com [202.106.196.67]
Feb  9 23:09:50 dns sendmail[25838]: XAA25838: from=<[EMAIL PROTECTED]>, size=2323180, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=mail.163bj.com [202.106.196.67]
Feb  9 23:26:49 dns sendmail[26127]: NOQUEUE: ruleset=check_relay, arg1=mail.163bj.com, arg2=202.106.196.67, relay=mail.163bj.com [202.106.196.67], reject=550 Mail rejected due to possible SPAM
Feb  9 23:27:16 dns sendmail[26127]: NOQUEUE: Null connection from mail.163bj.com [202.106.196.67]

 

I await your reply

Reply via email to