At 6:25 AM -0800 1/29/04, Adri� Vidal romero imposed structure on a stream of electrons, yielding:
Hello, I have had my SIMS mail server up and running for some time, and for the past few days I have been finding a lot of messages sent without authorization.
My SIMS machine runs as a POP server, and as SMTP only for internal accounts; relay is not permitted. Can someone help me stop this spammer from using my server?


10:46:24 0 SYSTEM Server impres.homeip.net started
10:46:25 4 SYSTEM Initialization completed
10:46:25 5 SYSTEM Scanning {S.0000122291}
10:46:25 5 SYSTEM Line Read: P I 29-01-2004 10:03:27 0000 YAHOO.COM.CN rhondaz301rhondaz301
10:46:25 5 SYSTEM Line Read: O T
10:46:25 5 SYSTEM Line Read: R E 29-01-2004 10:03:34 0000 uol.com.br rhondaz301
10:46:25 5 ROUTER Input: rhondaz301(uol.com.br)
10:46:25 5 ROUTER Parser: [EMAIL PROTECTED] -> rhondaz301(uol.com.br)
10:46:25 5 SYSTEM Line Read:
10:46:25 5 SYSTEM Line Read: Received: from [218.18.131.53] (HELO taxpaying) by impres.homeip.net (Stalker SMTP Server 1.8b9d14) with ESMTP id S.0000122291 for <[EMAIL PROTECTED]>; Thu, 29 Jan 2004 10:03:29 +0000
10:46:25 5 SYSTEM Line Read: From: "Baljinder Sastra"<[EMAIL PROTECTED]>
10:46:25 5 SYSTEM Line Read: To: [EMAIL PROTECTED]
10:46:25 5 SYSTEM Line Read: Subject: rhondaz301: Helqhten Mo0d & Improve [EMAIL PROTECTED] Des1re
10:46:25 5 SYSTEM Line Read: Mime-Version: 1.0
10:46:25 5 SYSTEM Line Read: Content-Type: text/html; charset=us-ascii
10:46:25 5 SYSTEM Line Read: Content-Transfer-Encoding: 7bit
10:46:25 5 SYSTEM Line Read:
10:46:25 4 SYSTEM [S.0000122291] S.0000122291 0+0 From:[EMAIL PROTECTED]
10:46:25 5 SYSTEM Scanning {S.0000122293}
10:46:25 5 SYSTEM Line Read: O T
10:46:25 5 SYSTEM Line Read: P I 29-01-2004 10:03:30 0000 NULL NULL
10:46:25 5 SYSTEM Line Read: R E 29-01-2004 10:03:33 0000 MSN.COM rhondawoodrhondawood
10:46:25 5 ROUTER Input: rhondawoodrhondawood(MSN.COM)
10:46:25 5 ROUTER Parser: [EMAIL PROTECTED] -> rhondawoodrhondawood(MSN.COM)


That's just SIMS reading in queued messages at startup, so it does not say much about how your machine is being abused. If you have the logs for the arrival of that message, they might provide more clues.

The basic rules for keeping SIMS from being abused as a relay are:

1. Use the latest (last) version: 1.8b9d14
2. Make sure 'relay for clients only' is checked.
3. Watch for password-guessing attacks against POP3 or SMTP AUTH.

Without the records of how that mail arrived, it is impossible to know what exactly was done by the spammer.


-- Bill Cole [EMAIL PROTECTED]
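
An added example, not part of the original thread and not SIMS code: a small Python triage script that groups the queued messages from a startup scan like the one quoted above by the host that injected them, and flags those addressed outside the local domains. It assumes that each "ROUTER Input:" line names an envelope recipient and that the first "Received:" line after a "Scanning" line is the one this server added; the sample log is constructed from the quoted lines plus one made-up local message.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the startup log quoted in the thread;
# the third message (S.0000122294) is invented to show a local recipient.
SAMPLE_LOG = """\
10:46:25 5 SYSTEM Scanning {S.0000122291}
10:46:25 5 ROUTER Input: rhondaz301(uol.com.br)
10:46:25 5 SYSTEM Line Read: Received: from [218.18.131.53] (HELO taxpaying) by impres.homeip.net (Stalker SMTP Server 1.8b9d14) with ESMTP id S.0000122291
10:46:25 5 SYSTEM Scanning {S.0000122293}
10:46:25 5 ROUTER Input: rhondawoodrhondawood(MSN.COM)
10:46:25 5 SYSTEM Scanning {S.0000122294}
10:46:25 5 ROUTER Input: user1(impres.homeip.net)
10:46:25 5 SYSTEM Line Read: Received: from [192.0.2.10] (HELO mail.example.net) by impres.homeip.net (Stalker SMTP Server 1.8b9d14) with ESMTP id S.0000122294
"""

SCAN = re.compile(r"SYSTEM Scanning \{(S\.\d+)\}")
ROUTE = re.compile(r"ROUTER Input: (\S+)\(([^)]+)\)")
RECEIVED = re.compile(r"Line Read: Received: from \[([0-9.]+)\] \(HELO ([^)]*)\)")

def parse_queue(log_text):
    """Return {queue_id: {"rcpts": [(user, domain)], "src_ip", "helo"}}."""
    msgs, current = {}, None
    for line in log_text.splitlines():
        if m := SCAN.search(line):
            current = msgs.setdefault(
                m.group(1), {"rcpts": [], "src_ip": None, "helo": None})
        elif current is None:
            continue  # lines before the first queue file are not message data
        elif m := ROUTE.search(line):
            current["rcpts"].append((m.group(1), m.group(2).lower()))
        elif (m := RECEIVED.search(line)) and current["src_ip"] is None:
            # Only the topmost Received: was written by this server;
            # any later ones are supplied by the sender and not trusted.
            current["src_ip"], current["helo"] = m.group(1), m.group(2)
    return msgs

def relayed_by_source(msgs, local_domains):
    """Map injecting IP -> queue IDs that have a non-local recipient."""
    out = defaultdict(list)
    for qid, msg in msgs.items():
        if any(dom not in local_domains for _, dom in msg["rcpts"]):
            out[msg["src_ip"] or "unknown"].append(qid)
    return dict(out)

if __name__ == "__main__":
    # Assumption: the server's only local domain is its own host name.
    queue = parse_queue(SAMPLE_LOG)
    for ip, ids in relayed_by_source(queue, {"impres.homeip.net"}).items():
        print(ip, ids)
```

The queue scan only shows where a message came from; whether that host authenticated or was simply allowed to relay still has to come from the arrival-time log.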

