Re: Help! I've been used as a SPAM launch point!

Chris Newbill Mon, 8 Jun 1998 16:20:10 -0400
A firewall will not help with sendmail.  What version do you have?  You need
an 8.8.5  sendmail.cf file at least so that it will stop Relayers.  We have
had this problem until recently when we made this move.  Now the spammers
get a message saying relaying denied.  Much better.

Chris
-----Original Message-----
From: Mike Edwards <[EMAIL PROTECTED]>
To: Red Hat Linux List <[EMAIL PROTECTED]>; FWTK List
<[EMAIL PROTECTED]>
Date: Monday, June 08, 1998 9:00 AM
Subject: Help! I've been used as a SPAM launch point!


>When I got back from lunch today, I heard our server's hard drive spinning
>like crazy.  We don't get a lot of traffic, so this concerned me.  A quick
>look at ps aux and my debug.log showed that I was being used as a SPAM
>host.  I'm pretty mad right now!
>What can I do to prevent this from happening again?  Anything?  I thought
>I was snug and cozy behind our firewall...
>
>FWIW, here's a snippet from my debug.log (pardon my verbosity):
>
>Jun  8 13:43:15 iserver sendmail[12617]: NAA12617: Authentication-Warning:
iserver.ega.com: mail set sender to
<[EMAIL PROTECTED]> using -f
>Jun  8 13:43:15 iserver sendmail[12617]: NAA12617:
from=<[EMAIL PROTECTED]>, size=5518, class=0,
pri=35518, nrcpts=1,
msgid=<000b01bd930c$9d0011c0$[EMAIL PROTECTED]>,
relay=mail@localhost
>Jun  8 18:43:15 iserver smapd[12616]: delivered file=sma012615 pid=12617
code=0
>Jun  8 13:43:16 iserver sendmail[12619]: NAA12617: to=<[EMAIL PROTECTED]>,
ctladdr=<[EMAIL PROTECTED]> (8/0),
delay=00:00:01, xdelay=00:00:01, mailer=local, stat=Sent
>Jun  8 13:43:28 iserver ipop3d[12621]: connect from jim3_pc
>Jun  8 13:43:28 iserver ipop3d[12621]: Login user=edwards host=jim3_pc
>Jun  8 13:43:28 iserver ipop3d[12621]: Logout user edwards host jim3_pc
>Jun  8 18:43:37 iserver smap[12622]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:37 iserver smap[12623]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:37 iserver smap[12624]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:38 iserver smap[12625]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:38 iserver smap[12626]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:38 iserver smap[12627]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:39 iserver smap[12628]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:39 iserver smap[12629]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:39 iserver smap[12630]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:40 iserver smap[12631]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:40 iserver smap[12632]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:40 iserver smap[12633]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:41 iserver smap[12634]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:41 iserver smap[12635]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:42 iserver smap[12636]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:42 iserver smap[12637]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:42 iserver smap[12638]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:43 iserver smap[12639]: connect
host=ad21-107.arl.compuserve.com/199.174.163.107
>Jun  8 18:43:48 iserver smap[12623]:
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 18:43:48 iserver smap[12623]:
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 18:43:48 iserver smap[12623]:
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 18:43:48 iserver smap[12623]: exiting
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
>[snip]
>Jun  8 18:43:50 iserver smap[12626]:
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 18:43:50 iserver smap[12626]:
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 18:43:50 iserver smap[12626]:
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 18:43:50 iserver smap[12626]: exiting
host=ad21-107.arl.compuserve.com/199.174.163.107 bytes=4510
>[snip]
>Jun  8 19:57:19 iserver smap[13758]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8347
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:57:19 iserver smap[13758]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8347
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:57:19 iserver smap[13758]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8347
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:54 iserver smap[13759]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8081
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:00 iserver smap[13760]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8219
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:00 iserver smap[13760]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8219
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:00 iserver smap[13760]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8219
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>Jun  8 19:56:00 iserver smap[13760]:
host=ad52-001.arl.compuserve.com/199.174.186.1 bytes=8219
from=<[EMAIL PROTECTED]> [EMAIL PROTECTED]
>
>(My apologies to anyone that received this sh*t through me!)
>
>Thanks!
>Mike
>==========================
>Mike Edwards, MIS
>Edwards Graphic Arts, Inc.
>mailto:[EMAIL PROTECTED]
>
>
>--
>  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
>         To unsubscribe: mail [EMAIL PROTECTED] with
>                       "unsubscribe" as the Subject.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.
Re: Help! I've been used as a SPAM launch point!

Reply via email to
