[plug] Is this a spam attack?

Bret Busby bret at busby.net
Tue May 13 17:05:08 WST 2003


On Tue, 13 May 2003, Jon Miller wrote:

> 
> Just put a server online and within minutes the following showed up in the maillog.
> May 13 16:21:26 rhfs1 postfix/smtp[2128]: connect to mx-smtp.goodnet.com[207.98.129.120]: Connection timed out (port 25)
> May 13 16:21:26 rhfs1 postfix/smtp[2128]: 5BBB314AC14: to=<tkidd at netzone.com>, relay=none, delay=379, status=deferred (connect to mx-smtp.goodnet.com[207.98.129.120]: Connection timed out)
> May 13 16:22:02 rhfs1 postfix/smtp[2148]: C945814ABD9: to=<leardl5 at yahoo.com>, relay=mx2.mail.yahoo.com[64.156.215.5], delay=8849, status=deferred (host mx2.mail.yahoo.com[64.156.215.5] said: 421 VS5-MF Excessive unknown recipients - possible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5))
> May 13 16:22:02 rhfs1 postfix/smtp[2148]: C945814ABD9: to=<leardl5 at yahoo.com>, relay=mx2.mail.yahoo.com[64.156.215.5], delay=8849, status=deferred (lost connection with mx2.mail.yahoo.com[64.156.215.5] while sending RCPT TO)
> May 13 16:23:46 rhfs1 postfix/smtp[2151]: connect to mx2.mail.yahoo.com[64.157.4.82]: Connection timed out (port 25)
> May 13 16:23:47 rhfs1 postfix/smtp[2151]: 5686D14AB8A: to=<lauraetsu at yahoo.com>, relay=mx1.mail.yahoo.com[64.156.215.5], delay=13559, status=deferred (host mx1.mail.yahoo.com[64.156.215.5] said: 421 VS5-MF Excessive unknown recipients - possible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5))
> May 13 16:23:47 rhfs1 postfix/smtp[2151]: 5686D14AB8A: to=<lauraetsu at yahoo.com>, relay=mx1.mail.yahoo.com[64.156.215.5], delay=13559, status=deferred (lost connection with mx1.mail.yahoo.com[64.156.215.5] while sending RCPT TO)
> 
> Is this a spam attack?
> 
> Jon L. Miller, MCNE, CNS
> Director/Sr Systems Consultant
> MMT Networks Pty Ltd
> http://www.mmtnetworks.com.au
> 
> "I don't know the key to success, but the key to failure
>  is trying to please everybody." -Bill Cosby
> 
> 

Taking into consideration my limited knowledge, it appears to me to be
not so much a spam attack as a breach of your server, with your server
being attempted to be used for relaying.

We have something in our firewall (something to do with TrinityOS, from 
memory), that appears to prevent relaying.

-- 
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
  Chapter 28 of 
  "The Hitchhiker's Guide to the Galaxy:
  A Trilogy In Four Parts",
  written by Douglas Adams, 
  published by Pan Books, 1992 
....................................................
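
Added example, not part of either message above: one way to triage a maillog like the quoted one is to tally outbound delivery results per recipient domain. This Python sketch assumes the postfix/smtp line format shown in the quote; the sample lines, host names, queue IDs and the `rcpt_domain` and `summarize` helpers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the quoted maillog (not real traffic;
# 192.0.2.0/24 and example.* are reserved documentation values).
SAMPLE_LOG = """\
May 13 16:21:26 mail1 postfix/smtp[2128]: AAAA0000001: to=<user1@example.net>, relay=none, delay=379, status=deferred (connect to mx.example.net[192.0.2.10]: Connection timed out)
May 13 16:22:02 mail1 postfix/smtp[2148]: AAAA0000002: to=<user2 at example.org>, relay=mx.example.org[192.0.2.20], delay=8849, status=deferred (host mx.example.org[192.0.2.20] said: 421 Excessive unknown recipients - possible Open Relay)
May 13 16:23:47 mail1 postfix/smtp[2151]: AAAA0000003: to=<user3@example.org>, relay=mx.example.org[192.0.2.20], delay=13559, status=deferred (host mx.example.org[192.0.2.20] said: 421 Excessive unknown recipients - possible Open Relay)
May 13 16:24:10 mail1 postfix/smtp[2160]: AAAA0000004: to=<staff@example.com>, relay=mx.example.com[192.0.2.30], delay=2, status=sent (250 ok)
"""

# One delivery-attempt line: queue ID, recipient, relay, delay (s), status, reason.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+), delay=(?P<delay>\d+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

def rcpt_domain(rcpt):
    # The list archive obfuscates "@" as " at "; a live maillog uses "@".
    return re.split(r"@| at ", rcpt)[-1].lower()

def summarize(log_text, local_domains=()):
    """Tally outbound delivery results and recipient domains outside local_domains."""
    stats = {"deferred": 0, "sent": 0, "bounced": 0,
             "relay_complaints": 0, "max_delay": 0}
    external = defaultdict(set)  # recipient domain -> distinct queue IDs
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue  # e.g. bare "connect to ..." lines carry no queue ID
        if m["status"] in ("deferred", "sent", "bounced"):
            stats[m["status"]] += 1
        domain = rcpt_domain(m["rcpt"])
        if domain not in local_domains:
            external[domain].add(m["qid"])
        if m["status"] == "deferred":
            stats["max_delay"] = max(stats["max_delay"], int(m["delay"]))
            # Remote MTA explicitly complaining about relay behaviour.
            if "open relay" in m["reason"].lower():
                stats["relay_complaints"] += 1
    stats["external_domains"] = {d: len(q) for d, q in sorted(external.items())}
    return stats

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, local_domains=("example.com",)))
```

The `delay` field is the number of seconds the message has spent in the queue, so `max_delay` shows how long the oldest deferred message has been waiting.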


