Re: [gentoo-user] Spam Attempt?
On Wed, 19 Jan 2005 13:03:32 +0100, Ralph Slooten <[EMAIL PROTECTED]> wrote: > Yes, attempts by spammers to use you as a relay. You say 200 machines > all over the world in one hour? That does seem a LOT, seeing as I get > probably about 10 a day. Yes, it's a lot. But not exceptionally so. That is how some of the worms work - propagate to as many hosts as possible and then open attempt to do harm through these. Regards, Martin S -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
Appart from the relevancy remark. Yes it seems like some worm/trojan attack. On Wed, 19 Jan 2005 09:19:23 +, Michael Thompson <[EMAIL PROTECTED]> wrote: > For the past hour I have just watched over 200 dialup machines from all > over the world attemp to connect to my Mailserver > > They were all rejected like the following > > Jan 19 09:05:07 polaris postfix/smtpd[24494]: warning: Illegal address > syntax from host195-202.pool82191.interbusiness.it[82.191.202.195] in > MAIL command: @ > > This lasted for about a hour. All I can think of is that I was picked on > by some script/virus/Trojan looking to spam. > > Any Views? > -- > > Mike > > http://www.thompsonmike.co.uk > > -- > gentoo-user@gentoo.org mailing list > > -- Regards, Martin S -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Thompson wrote: | For the past hour I have just watched over 200 dialup machines from all | over the world attemp to connect to my Mailserver | | They were all rejected like the following | | Jan 19 09:05:07 polaris postfix/smtpd[24494]: warning: Illegal address | syntax from host195-202.pool82191.interbusiness.it[82.191.202.195] in | MAIL command: @ | | This lasted for about a hour. All I can think of is that I was picked on | by some script/virus/Trojan looking to spam. | | Any Views? If you have a firewall setup, you could set the address of 82.191.202.195, to be drooped by the firewall. If your mail system is sendmail, you can add the address to the spam list and just tell it to be dropped. HTH Mike -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB7xp8lJFYJP/fwTsRApp/AKCBiYaUvXMvSBMqzUpyEjD+fNmyAgCdGDKQ IahV60Uvx03e3OqvvPQlL2g= =OH5n -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
On Wed, 19 Jan 2005 10:12:48 -0500 reg hughson <[EMAIL PROTECTED]> wrote: > On Wed, 19 Jan 2005 22:32:36 +1300 (NZDT) > "Nick Rout" <[EMAIL PROTECTED]> wrote: > > > > > > > > > Any Views? > > > > yes, post to a relevant list! > > > > > Why is it so many people are rude and ignorant on the Net? I have to > wonder if you would make snotty comments like this in person. are you talking about me or the person who posted the OT comment in the first place? I know that there is a lot of OT stuff on this list, and some of it very interesting. Most is related in some way to gentoo though, whereas this thread isn't at all. There are many mailing lists and newsgroups that would be far more appropriate for this thread. as for spam attempts, you put something up on port 25 you are going to get connection attempts. the best way to sort that is to make sure your mail server is secure and configured to reject bad stuff (like the OP's did). You can get your firewall to start rejecting netblocks or single IP addresses if you can be bnothered maintaining such a setup. The OP's MTA seems to have rejected the transactions before the DATA phase, so not a lot of bandwidth has been wasted, maybe he needs to do nothing. > > > > > -- > > > > > > > > > Mike > > > > > > http://www.thompsonmike.co.uk > > -- > gentoo-user@gentoo.org mailing list -- Nick Rout <[EMAIL PROTECTED]> -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
reg hughson wrote: On Wed, 19 Jan 2005 22:32:36 +1300 (NZDT) "Nick Rout" <[EMAIL PROTECTED]> wrote: Any Views? yes, post to a relevant list! Why is it so many people are rude and ignorant on the Net? I have to wonder if you would make snotty comments like this in person. Hardly. This list happens to be a relatively tolerant one if you were to compare it to, say, the comp.lang.c++ list. There are reasons for keeping a list on topic, most of them being fairly obvious. _k -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
Bastian Balthazar Bux wrote: Think that he was pointing that on this list few person have that kind of knowledge. And so it's difficult for you have an adeguate answer. For example gentoo-server should be a better try. Optionally if you want to put an "off-topic" argument in whatever list you should mark it "[OT]" or similar. Who read it is more psicologicaly prepared to read an off-topic and so can chose to ignore it or to answer or to point you on the right place. best regards francesco riosa -- I disagree, I've found that there are quite a few very knowledgeable members on this list. I've seen many posts here re: setting up mail servers, web servers and security issues for just about anything in respect to the net. With the amount of mail generated by this list daily, shows that there is a very large (diverse) audience here. I do agree with the [OT] use in matters such as this, it cuts down on some of the sarcasm generated by such a post. However, such replies generate even more sarcasm and useless unnecessary posts. I've found that posts re: security have served as a "heads up" for others maintaining on the net. Cheers. -- Ted Ozolins(VE7TVO) Westbank, B. C -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
reg hughson ha scritto: On Wed, 19 Jan 2005 22:32:36 +1300 (NZDT) "Nick Rout" <[EMAIL PROTECTED]> wrote: Any Views? yes, post to a relevant list! Why is it so many people are rude and ignorant on the Net? I have to wonder if you would make snotty comments like this in person. Think that he was pointing that on this list few person have that kind of knowledge. And so it's difficult for you have an adeguate answer. For example gentoo-server should be a better try. Optionally if you want to put an "off-topic" argument in whatever list you should mark it "[OT]" or similar. Who read it is more psicologicaly prepared to read an off-topic and so can chose to ignore it or to answer or to point you on the right place. best regards francesco riosa -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
On Wed, 19 Jan 2005 22:32:36 +1300 (NZDT) "Nick Rout" <[EMAIL PROTECTED]> wrote: > > > > Any Views? > > yes, post to a relevant list! > Why is it so many people are rude and ignorant on the Net? I have to wonder if you would make snotty comments like this in person. > > -- > > > > > > Mike > > > > http://www.thompsonmike.co.uk -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
Yes, attempts by spammers to use you as a relay. You say 200 machines all over the world in one hour? That does seem a LOT, seeing as I get probably about 10 a day. [EMAIL PROTECTED] is probably your best shot for the entry below (based on IP), however if there are in actual fact 200 per hour from *all* over the world this approach won't be very useful. Is your mailserver secure? Does it actually allow connections (smtp) from outside? If these spammers find a way in, there will be *many* abuse@ emails to your ISP ... so be aware. I suggest also checking logs to see what has actually been sent, by who and to who just to make sure they didn't already find a way. Let me guess though .. the most of the other attempts are coming from the USA, Korea and China, possibly also Brazil? If this is the case then we know it is spammers Michael Thompson wrote: For the past hour I have just watched over 200 dialup machines from all over the world attemp to connect to my Mailserver They were all rejected like the following Jan 19 09:05:07 polaris postfix/smtpd[24494]: warning: Illegal address syntax from host195-202.pool82191.interbusiness.it[82.191.202.195] in MAIL command: @ This lasted for about a hour. All I can think of is that I was picked on by some script/virus/Trojan looking to spam. Any Views? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Spam Attempt?
On Wed, January 19, 2005 10:19 pm, Michael Thompson said: > For the past hour I have just watched over 200 dialup machines from all > over the world attemp to connect to my Mailserver > > They were all rejected like the following > > Jan 19 09:05:07 polaris postfix/smtpd[24494]: warning: Illegal address > syntax from host195-202.pool82191.interbusiness.it[82.191.202.195] in > MAIL command: @ > > This lasted for about a hour. All I can think of is that I was picked on > by some script/virus/Trojan looking to spam. > > Any Views? yes, post to a relevant list! > -- > > > Mike > > http://www.thompsonmike.co.uk > > -- > gentoo-user@gentoo.org mailing list > > -- gentoo-user@gentoo.org mailing list
[gentoo-user] Spam Attempt?
For the past hour I have just watched over 200 dialup machines from all over the world attemp to connect to my Mailserver They were all rejected like the following Jan 19 09:05:07 polaris postfix/smtpd[24494]: warning: Illegal address syntax from host195-202.pool82191.interbusiness.it[82.191.202.195] in MAIL command: @ This lasted for about a hour. All I can think of is that I was picked on by some script/virus/Trojan looking to spam. Any Views? -- Mike http://www.thompsonmike.co.uk -- gentoo-user@gentoo.org mailing list
