On Sat, 2006-03-25 at 11:35 +0100, mouss wrote:
> Yousef Raffah wrote:
> > Hello Everyone,
> >
> > I've been under a spam storm for the last two days and most of the
> > messages I get are similar to the one below, message for
> > [EMAIL PROTECTED], I really don't understand how come I'm receiving
> > such messages! Can someone help me prevent these messages?
>
> you'll need to check in your postfix logs.
>
> >
> > Return-Path: <>
> > Received: from 10.0.0.4 by ocs.savola.com with ESMTP id
> > 50091021143204306; Fri, 24 Mar 2006 15:45:06 +0300
> > Received: from kansai.savoladns.com ([10.0.0.3]) by Savola_Proxy2 with
> > InterScan Messaging Security Suite; Fri, 24 Mar 2006 16:07:03 +0300
> > X-Envelope-From: <[EMAIL PROTECTED]>
> > X-Envelope-To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>,
> > <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > X-Quarantine-Id: <ieTYZkD94JBN>
> > Received: from 54156D58 (localhost [127.0.0.1]) by kansai.savoladns.com
> > (Postfix) with SMTP id 2AE131020D; Fri, 24 Mar 2006 15:56:34 +0300 (AST)
>
> so your postfix received it from localhost with an hello=54156D58 (not
> very standard....).
>
> > X-Apparently-To: [EMAIL PROTECTED] via dress.prima.com; Fri, 24 Mar
> > 2006 07:55:04 -0500
> > Received: from skin (HELO pencil.prima.com) by small.prima.com with
>
> This is not generated by postfix. is prima.com your system? If so, what
> is this skin? if not yours, configure your small.prima.com to reject the
> forged hello (skin is helloing as pencil.prima.com)
>
> if small.prima.com isn't yours, then you have a problem on
> kansasi.savoladns.com. it got the mail from localhost. vulnerable
> cgi/web form? open proxy?
>

I guess you pointed it out correctly, I had a proxy server running for
test purposes and I guess it allowed passing the messages "somehow" to
the mailserver as I can see in the proxy logs something like:

1143268316.235 112970 209.172.32.52 TCP_MISS/200 39 CONNECT 206.16.192.227:25 - DIRECT/206.16.192.227 -

Anyhow, the problem is solved now as I have shut the proxy server.

Thanks for all your help :)

Sincerely,
Yousef Raffah
Senior Systems Administrator
SSIS - The Savola Group
--
Aren't you using Firefox? Get it at getfirefox.com
yousef.raffah.com
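Added example (not part of the original thread and not any participant's code): a Python check over proxy access logs for the pattern in the quoted log entry, a successful CONNECT tunnel to an SMTP port from a client outside the local network. It assumes the log uses Squid's native access.log layout, which the quoted line matches; the port allow-list, the 10.0.0.0/8 internal range, and every sample line except the quoted one are constructed for illustration.

```python
import ipaddress

ALLOWED_CONNECT_PORTS = {443}   # assumption: the proxy should only tunnel HTTPS
MAIL_PORTS = {25, 465, 587}

# Constructed sample log; only the second line is the entry quoted in the message.
SAMPLE_LOG = """\
1143268301.101 420 10.0.0.17 TCP_MISS/200 5120 CONNECT www.example.org:443 - DIRECT/192.0.2.10 -
1143268316.235 112970 209.172.32.52 TCP_MISS/200 39 CONNECT 206.16.192.227:25 - DIRECT/206.16.192.227 -
1143268320.002 35 10.0.0.23 TCP_HIT/200 2048 GET http://www.example.org/ - NONE/- text/html
1143268340.555 12 203.0.113.9 TCP_DENIED/403 1500 CONNECT 198.51.100.7:25 - NONE/- text/html
1143268351.300 900 10.0.0.23 TCP_MISS/200 310 CONNECT 192.0.2.44:8080 - DIRECT/192.0.2.44 -
truncated line
"""

def parse_connect(line):
    """Return (client, host, port, status) for a CONNECT entry, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, _, port = f[6].rpartition(":")
    if not host or not port.isdigit():
        return None
    return f[2], host, int(port), f[3].partition("/")[2]

def is_internal(client, net):
    try:
        return ipaddress.ip_address(client) in net
    except ValueError:          # a hostname was logged instead of an address
        return False

def find_tunnel_abuse(log_text, internal_net="10.0.0.0/8"):
    """Flag CONNECT tunnels the proxy allowed to ports outside the allow-list."""
    net = ipaddress.ip_network(internal_net)
    findings = []
    for line in log_text.splitlines():
        rec = parse_connect(line)
        if rec is None:
            continue
        client, host, port, status = rec
        if status != "200" or port in ALLOWED_CONNECT_PORTS:
            continue            # refused by the proxy, or an expected HTTPS tunnel
        findings.append({"client": client, "target": f"{host}:{port}",
                         "smtp": port in MAIL_PORTS,
                         "external_client": not is_internal(client, net)})
    return findings

if __name__ == "__main__":
    for finding in find_tunnel_abuse(SAMPLE_LOG):
        print(finding)
```

If the proxy is Squid, the matching control is the stock `http_access deny CONNECT !SSL_ports` rule, together with an `http_access` rule that admits only internal clients.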