SMTP access

Rhugga redhat at zulu420.com
Tue Apr 6 22:12:05 UTC 2004


Michael Sullivan wrote:
> I read my log watch every day for my server PC. Each time I notice an
> attempted unauthorized access, I run the IP through whois and then I send
> an email to the abuse@ address I see at the bottom of whois report.
> This morning I found a third attempt to send email through my smtp
> server from kornet.net.  Is there anyone I can report them to if it
> happens again?  I've sent them email all three times that they've
> attempted to use my server...
> 
> -Michael Sullivan-
> 
> 
Well, if it is one of these spare bedroom data center type ISPs that are 
springing up to send spam mail, your quest may become futile. I write 
code for an anti-spam mail filtering service provider, and it is a royal 
pain in the ass to track down these luzers. (assuming this is a spammer 
probe and not a legitimate mistake some admin might be making) Also, it 
may be an infected host in that network that has some kind of 
adware/spyware/spamware daemon probing for extra hops.

You may wanna play with them a little bit, give him an open relay and 
see what follows. (don't walk away from the terminal while you are doing 
this, I mean, be watching tcpdump in real time) If this is a spammer 
ISP, just block their network/domain/whatever at your smtp server. 
(postfix is great for this type of thing)

-cc
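
Added example, not part of the original post and not Postfix's own code: one way to turn the refused relay attempts seen in the mail log into a block list for the SMTP server. The log lines are constructed samples using documentation addresses; the threshold of three attempts, the /24 grouping and the table path in the comment are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the shape Postfix logs a refused relay attempt.
SAMPLE_LOG = """\
Apr  6 03:11:02 mail postfix/smtpd[2101]: connect from unknown[192.0.2.17]
Apr  6 03:11:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 554 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<h1>
Apr  6 04:20:41 mail postfix/smtpd[2188]: NOQUEUE: reject: RCPT from unknown[192.0.2.40]: 554 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=SMTP helo=<h2>
Apr  6 05:02:10 mail postfix/smtpd[2230]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 554 <c@example.net>: Relay access denied; from=<x@example.org> to=<c@example.net> proto=SMTP helo=<h1>
Apr  6 06:45:59 mail postfix/smtpd[2301]: NOQUEUE: reject: RCPT from mx.example.com[198.51.100.5]: 554 <d@example.net>: Relay access denied; from=<y@example.com> to=<d@example.net> proto=ESMTP helo=<mx.example.com>
Apr  6 07:13:27 mail postfix/smtpd[2342]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 504 <bad>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<bad>
"""

# Match only smtpd rejects whose reason is a refused relay, and capture the client IP.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \S+ reject: RCPT from \S+\[(?P<ip>[0-9.]+)\]: "
    r"\d{3} .*Relay access denied"
)

def relay_attempts(log_text):
    """Count refused relay attempts per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts

def networks_to_block(counts, threshold=3, prefix=24):
    """Sum attempts per /prefix network; keep networks at or above threshold."""
    per_net = Counter()
    for ip, hits in counts.items():
        per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += hits
    return sorted(net for net, hits in per_net.items() if hits >= threshold)

def cidr_table(networks):
    """Render entries for a Postfix CIDR access table.

    Assumed wiring in main.cf (the path is hypothetical):
      smtpd_client_restrictions = check_client_access cidr:/etc/postfix/relay_block.cidr
    """
    return "\n".join(f"{net}\tREJECT relaying denied" for net in networks)

if __name__ == "__main__":
    print(cidr_table(networks_to_block(relay_attempts(SAMPLE_LOG))))
```

A single rejected attempt, such as the one from 198.51.100.5 in the sample, stays below the threshold, which leaves room for the legitimate admin mistake mentioned above.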




