SMTP access
Rhugga
redhat at zulu420.com
Tue Apr 6 22:12:05 UTC 2004
Michael Sullivan wrote:
> I read my log watch every day for my server PC. Each time I notice an
> attempted unauthorized access I run the IP through whois and then I send
> an email to the abuse@ address I see at the bottom of the whois report.
> This morning I found a third attempt to send email through my smtp
> server from kornet.net. Is there anyone I can report them to if it
> happens again? I've sent them email all three times that they've
> attempted to use my server...
>
> -Michael Sullivan-
>
>

Well, if it is one of these spare bedroom data center type ISPs that are
springing up to send spam mail, your quest may become futile. I write
code for an anti-spam mail filtering service provider, and it is a royal
pain in the ass to track down these luzers. (Assuming this is a spammer
probe and not a legitimate mistake some admin might be making.) Also, it
may be an infected host in that network that has some kind of
adware/spyware/spamware daemon probing for extra hops.

You may wanna play with them a little bit, give him an open relay and
see what follows. (Don't walk away from the terminal while you are doing
this, I mean, be watching tcpdump in real time.) If this is a spammer
ISP, just block their network/domain/whatever at your smtp server.
(Postfix is great for this type of thing.)

-cc
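
Added example, not part of the original post: one way to turn the repeated relay attempts seen in the daily log review into the network block suggested above. It assumes the server is Postfix and logs rejections in the usual `Relay access denied` form; the log lines, addresses (documentation ranges), three-attempt threshold, and /24 grouping are all constructed for illustration. The output is in the format of a Postfix `cidr:` access table, as used with `check_client_access`.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample maillog lines (Postfix smtpd reject format); addresses are
# from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Apr  6 03:11:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.17]: 554 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=SMTP helo=<pc1>
Apr  6 03:11:09 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.17]: 554 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=SMTP helo=<pc1>
Apr  6 04:40:51 mail postfix/smtpd[2188]: NOQUEUE: reject: RCPT from host9.example.com[203.0.113.200]: 554 <c@example.net>: Relay access denied; from=<y@example.org> to=<c@example.net> proto=ESMTP helo=<host9>
Apr  6 05:02:13 mail postfix/smtpd[2190]: NOQUEUE: reject: RCPT from unknown[198.51.100.5]: 554 <d@example.net>: Relay access denied; from=<z@example.org> to=<d@example.net> proto=SMTP helo=<box>
Apr  6 05:30:00 mail postfix/smtpd[2195]: connect from unknown[192.0.2.44]
"""

# Client IP appears in brackets after the (possibly "unknown") hostname.
RELAY_DENIED = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: \d{3} .*Relay access denied")

def relay_attempts(log_text):
    """Count rejected relay attempts per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RELAY_DENIED.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits

def networks_to_block(hits, min_attempts=3, prefix=24):
    """Roll per-IP counts up to /prefix networks; keep those at or above the threshold."""
    per_net = Counter()
    for ip, n in hits.items():
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        per_net[str(net)] += n
    return sorted(net for net, n in per_net.items() if n >= min_attempts)

def cidr_table(nets):
    """Render lines for a Postfix cidr: access table (pattern, then action)."""
    return "".join(f"{net}\tREJECT relay attempts logged\n" for net in nets)

if __name__ == "__main__":
    print(cidr_table(networks_to_block(relay_attempts(SAMPLE_LOG))), end="")
```

Grouping by /24 is a coarse stand-in for "their network"; the allocation shown in the whois report is the better source for the actual range to block.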