lamers looking for relays
Bill Campbell
bill
Mon May 17 11:35:22 PDT 2004
On Thu, Jul 25, 2002 at 05:06:24PM -0400, Sys Admin wrote:
>Been seeing a *ton* of these lately... watch your machines folks..

The njabl.org folks are taking over where ORBS and friends left off,
scanning machines for relays without any reason other than they can (e.g.
they haven't any spam from the systems to justify a relay test).

That isn't to say that there aren't a buttload of spammers looking for open
relays, we see hundreds of attempts per day in our smail-3.2 logs (which we
enter in our local RBL to prevent them from ever sending anything to our
servers in the future).

The best open relay I know of is relays.visi.com. They only list sites
that have actually sent spam. We forward several hundred IP addresses a
day to them from our spamtraps. They then do a test to verify that the
host is truly an open relay, and list them appropriately. We block about
100,000 connections a day, 75,000 of which are listed by them.

>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Jul 25 01:28:50 linux-sxs sendmail[21072]: g6P5Snrw021072:
> ruleset=check_rcpt, arg1=<relaytest at rr.njabl.org>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest at rr.njabl.org>... Relaying denied
>Jul 25 01:28:51 linux-sxs sendmail[21072]: g6P5Snrx021072:
> ruleset=check_rcpt, arg1=<relaytest at rr.njabl.org>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest at rr.njabl.org>... Relaying denied
>Jul 25 01:28:51 linux-sxs sendmail[21072]: g6P5Sns0021072:
> ruleset=check_rcpt, arg1=<relaytest at rr.njabl.org>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest at rr.njabl.org>... Relaying denied
>Jul 25 01:28:51 linux-sxs sendmail[21072]: g6P5Sns1021072:
> ruleset=check_mail, arg1=<relaytestsend>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=553 5.5.4 <relaytestsend>... Domain name required for sender address relaytestsend
>Jul 25 01:28:51 linux-sxs sendmail[21072]: g6P5Sns2021072:
> ruleset=check_mail, arg1=<relaytestsend at localhost>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=553 5.5.4 <relaytestsend at localhost>... Real domain name required for sender address
>Jul 25 01:28:52 linux-sxs sendmail[21072]: g6P5Sns3021072:
> ruleset=check_rcpt, arg1=<relaytest at rr.njabl.org>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest at rr.njabl.org>... Relaying denied
>Jul 25 01:28:52 linux-sxs sendmail[21072]: g6P5Sns4021072:
> ruleset=check_rcpt, arg1=<relaytest at rr.njabl.org>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest at rr.njabl.org>... Relaying denied
>Jul 25 01:28:52 linux-sxs sendmail[21072]: g6P5Sns5021072:
> ruleset=check_rcpt, arg1=<relaytest at rr.njabl.org>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest at rr.njabl.org>... Relaying denied
>Jul 25 01:28:52 linux-sxs sendmail[21072]: g6P5Sns6021072:
> ruleset=check_rcpt, arg1=<relaytest%rr.njabl.org at ESMTP>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest%rr.njabl.org at ESMTP>... Relaying denied
>Jul 25 01:28:53 linux-sxs sendmail[21072]: g6P5Sns8021072:
> ruleset=check_rcpt, arg1=<relaytest%rr.njabl.org at ESMTP>,
> relay=IDENT:+dX7vjBJCCo91k5FlbhRmGn5AWiziDBO at rt.njabl.org [209.208.0.15],
> reject=550 5.7.1 <relaytest%rr.njabl.org at ESMTP>... Relaying denied
--
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
Government spending? I don't know what it's all about. I don't know
any more about this thing than an economist does, and, God knows, he
doesn't know much.
-- Will Rogers
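
Added example, not part of the original post or of either poster's tooling: one way to turn sendmail reject entries like the ones quoted above into per-IP counts and a short list of candidates for a local blocklist. The function names, thresholds, host names and sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: same field layout as the sendmail entries quoted
# above, one entry per line, written with "@" as in a raw maillog, using
# documentation-range IPs and example.* names.
SAMPLE_LOG = """\
Jul 25 01:28:50 mx1 sendmail[21072]: g6P5Snrw021072: ruleset=check_rcpt, arg1=<relaytest@probe.example.net>, relay=IDENT:abc@scan.example.net [192.0.2.15], reject=550 5.7.1 <relaytest@probe.example.net>... Relaying denied
Jul 25 01:28:51 mx1 sendmail[21072]: g6P5Sns1021072: ruleset=check_mail, arg1=<relaytestsend>, relay=IDENT:abc@scan.example.net [192.0.2.15], reject=553 5.5.4 <relaytestsend>... Domain name required for sender address relaytestsend
Jul 25 01:28:52 mx1 sendmail[21072]: g6P5Sns3021072: ruleset=check_rcpt, arg1=<relaytest@probe.example.net>, relay=IDENT:abc@scan.example.net [192.0.2.15], reject=550 5.7.1 <relaytest@probe.example.net>... Relaying denied
Jul 25 01:28:52 mx1 sendmail[21072]: g6P5Sns6021072: ruleset=check_rcpt, arg1=<relaytest%probe.example.net@mx1>, relay=IDENT:abc@scan.example.net [192.0.2.15], reject=550 5.7.1 <relaytest%probe.example.net@mx1>... Relaying denied
Jul 25 09:12:04 mx1 sendmail[30110]: g6PDC4aa030110: ruleset=check_rcpt, arg1=<friend@other.example.org>, relay=dsl-7.example.com [198.51.100.7], reject=550 5.7.1 <friend@other.example.org>... Relaying denied
"""

ENTRY = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ sendmail\[\d+\]: \w+: "
    r"ruleset=(?P<ruleset>check_\w+), arg1=<(?P<arg>[^>]*)>, "
    r"relay=[^\[]*\[(?P<ip>[^\]]+)\], reject=(?P<code>\d{3}) (?P<dsn>[\d.]+) (?P<text>.*)$"
)

def summarize(log_text):
    """Group rejected relay and sender probes by connecting IP."""
    hosts = defaultdict(lambda: {"relay_denied": 0, "bad_sender": 0, "rcpt_forms": set()})
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a check_* reject entry
        h = hosts[m["ip"]]
        if m["ruleset"] == "check_rcpt" and m["dsn"] == "5.7.1":
            h["relay_denied"] += 1
            h["rcpt_forms"].add(m["arg"])  # distinct recipient spellings tried
        elif m["ruleset"] == "check_mail":
            h["bad_sender"] += 1
    return dict(hosts)

def blocklist_candidates(hosts, min_denied=3, min_forms=2):
    """IPs that tried several recipient spellings, not one mistyped address.
    Both thresholds are assumed values; tune them against your own logs."""
    return sorted(ip for ip, h in hosts.items()
                  if h["relay_denied"] >= min_denied and len(h["rcpt_forms"]) >= min_forms)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip in blocklist_candidates(summary):
        print(ip, summary[ip]["relay_denied"], sorted(summary[ip]["rcpt_forms"]))
```

Entries that syslog or a mail client has wrapped across lines need to be rejoined into one line per entry before parsing.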