03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] HELO 208.253.112.160
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] MAIL FROM: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECTED]>
03:12 1
am
> Sent: Wednesday, March 12, 2003 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] How did this Spammer get through?
>
> What's strange is that the only thing consistent around all of the spam emails is the
> IP address 169.207.38.237, which is listed with SpamCo
What's strange is that the only thing consistent around all of the spam emails is the
IP address 169.207.38.237, which is listed with SpamCop.
Should Declude pick that up? I've got SpamCop listed as an automatic hold, but
somehow he keeps getting through.
Thanks.
b
-- Original Messa
Here's another example:
03:12 15:59 SMTPD(2842009C) [10.9.8.51] connect 169.207.38.237 port 4345
03:12 15:59 SMTPD(2842009C) [169.207.38.237] HELO 208.253.112.160
03:12 15:59 SMTPD(2842009C) [169.207.38.237] MAIL FROM: <[EMAIL PROTECTED]>
03:12 15:59 SMTPD(2842009C) [169.207.38.237] RCPT TO: <[EMA
Here you go:
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] HELO 208.253.112.160
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] MAIL FROM: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECTED]>
03:12 18:35 SMTPD(0F9200BE) [169.207.38.237] RCPT TO: <[EMAIL PROTECT
Here's an example of the email he's trying to relay through:
The key information isn't in the headers in this case -- it's in the IMail
SMTP log file. Most important are the "RCPT TO:" lines, which will show
who the E-mail was actually addressed to, and whether or not some hack was
used to r
I've got several held emails from a spammer trying to use our system for
relay.
I've got the box locked down to only accept relay from "authenticated"
users, but somehow this guy got through.
Luckily, I've got hijack on the box, which has blocked all of his
emails.
Here's an example of the email