Actually, I am running an email server.. just not the "normal" email server.
I run postfix.. and you are right about the scanning.. I would have thought that
my school's "security" team would stop that on their subnets.. but then they do not
really care about the student computers.  And my logs do show a connection.. just that
they lost connection after the DATA command was issued.. and my logs show nothing being
sent out.. my guess is someone trolling with a "sploiter" or, like you said, a spammer
trying to get a new relay.

Thanks for your 0.02
Craig


On Wed, Feb 06, 2002 at 12:24:17PM -0500, Mike Gilles wrote:
> A lot of times "spammers" will just do some wholesale scanning for email
> servers vulnerable to mail relaying.  And then take the results to bounce
> their porn spam or vinyl siding advertisement off those unsuspecting hosts..
> which if traced back leads to the relayed mail server, not the spammer.....
> Anyway, I'm probably not telling you anything new...  Just thought it might
> a relaying test as part of a scan (any other hosts hit as a scan would do?),
> since you're not running a mail server the communication was rejected.  Thus
> no worries.  The blocking of the IP could have limited effectiveness, who
> knows if the IP was the spammer or a compromised host.  Oh well, just my 2
> cents!
> 
> -MG
> 
> Some Security Guy
> 
> -----Original Message-----
> From: Craig Van Tassle [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 06, 2002 2:30 AM
> To: [EMAIL PROTECTED]
> Cc: security-basics
> Subject: Re: spam
> 
> 
> Well, the only firewall I have is the ipfilters that come with FreeBSD.
> And I don't use sendmail.. so I'm not worried about that.. I thought that was
> what someone was doing.. I just went ahead and denied them in my firewall.
> 
> any other suggestions?
> thanks
> Craig
> 
> 
> On Wed, Feb 06, 2002 at 07:27:11AM +0000, [EMAIL PROTECTED] wrote:
> > Hi Craig
> > 
> > It looks like someone has telnet'ed to port 25 on your mail-server. What
> > firewall do you use ?
> > 
> > 
> > Kind regards
> > 
> > Jude Naidoo
> > Internet Analyst
> > GSK Internet/Intranet Operations
> > x784 6740
> > +44 1279 64 6740
> > 
> > 
> > 
> > 
> > 
> > 
> > "Craig Van Tassle" <[EMAIL PROTECTED]>
> > 
> > 05-Feb-2002 06:57
> > 
> >  
> >  
> > 
> >         To:     security-basics
> > 
> >         cc: 
> >         Subject:        spam
> > 
> > 
> > I was wondering if anyone knows if people (spammers) watch the security
> > focus mailing lists to get people's email addys?  Over the last couple of
> > months I have been getting sporadically spam emails..
> > and I also noticed some funny things from my mail logs..
> > 
> > Feb  3 23:16:53 postfix/smtpd[33997]: lost connection after DATA from unknown[209.149.145.250]
> > Feb  3 23:16:53 postfix/smtpd[33997]: disconnect from unknown[209.149.145.250]
> > Feb  3 23:16:53 postfix/cleanup[33998]: 846CD3F1A: message-id=<[EMAIL PROTECTED]>
> > 
> > Does that mean that someone has been trying to get in through my email
> > server or if they are just using me as a remailer?
> > 
> > thanks
> > 
> > 
> > 
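Added example, not part of the original thread: one way to check from a Postfix log whether a client that dropped its session (as in the "lost connection after DATA" lines above) ever had mail delivered onward through the server. It assumes the standard Postfix `QUEUEID: client=...` and `status=sent` line formats; the sample log, addresses, queue IDs and the `triage` function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt quoted in the thread.
# Addresses are documentation ranges; queue IDs and recipients are made up.
SAMPLE_LOG = """\
Feb  3 23:16:52 postfix/smtpd[33997]: connect from unknown[192.0.2.10]
Feb  3 23:16:52 postfix/smtpd[33997]: 3F2A1B9C0: client=unknown[192.0.2.10]
Feb  3 23:16:53 postfix/smtpd[33997]: lost connection after DATA from unknown[192.0.2.10]
Feb  3 23:16:53 postfix/smtpd[33997]: disconnect from unknown[192.0.2.10]
Feb  3 23:40:01 postfix/smtpd[34010]: connect from unknown[203.0.113.5]
Feb  3 23:40:02 postfix/smtpd[34010]: 7D4E5A6B1: client=unknown[203.0.113.5]
Feb  3 23:40:03 postfix/smtpd[34010]: lost connection after DATA from unknown[203.0.113.5]
Feb  3 23:40:05 postfix/smtp[34012]: 7D4E5A6B1: to=<someone@example.net>, relay=mx.example.net[198.51.100.7], delay=3, status=sent (250 ok)
"""

# Standard Postfix line shapes: a dropped SMTP session, a queue ID being
# assigned to a client, and a remote delivery that completed.
LOST = re.compile(r"postfix/smtpd\[\d+\]: lost connection after (\S+) from \S+\[([^\]]+)\]")
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+\[([^\]]+)\]")
SENT = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*status=sent")

def triage(log_text):
    """For every client that dropped a session, report the SMTP stage reached,
    the queue IDs it opened, and any of those that were delivered onward."""
    lost, queued, sent = defaultdict(list), defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        if (m := LOST.search(line)):
            lost[m.group(2)].append(m.group(1))      # ip -> stage
        elif (m := CLIENT.search(line)):
            queued[m.group(2)].append(m.group(1))    # ip -> queue ID
        elif (m := SENT.search(line)):
            sent[m.group(1)].append(m.group(2))      # queue ID -> recipient
    return {
        ip: {
            "stages": stages,
            "queued": queued[ip],
            "delivered": {q: sent[q] for q in queued[ip] if q in sent},
        }
        for ip, stages in lost.items()
    }

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        verdict = "MAIL WENT OUT" if info["delivered"] else "nothing delivered"
        print(f"{ip}: lost after {info['stages']}, queued {info['queued']}: {verdict}")
```

An empty `delivered` entry for an address corresponds to the "nothing being sent out" observation in the thread; a non-empty one means the relay restrictions need review.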
