[plug] Is this a spam attack?

Jon Miller jlmiller at mmtnetworks.com.au
Tue May 13 17:18:10 WST 2003


Anyone have any suggestions on a spam filter program (other than SA)?


Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby



>>> dex at wn.com.au 4:53:39 PM 13/05/2003 >>>


On 13/05/03 17:03, Jon Miller wrote:

>Just put a server online and within minutes the following showed up in the maillog.
>May 13 16:21:26 rhfs1 postfix/smtp[2128]: connect to mx-smtp.goodnet.com[207.98.129.120]: Connection timed out (port 25)
>May 13 16:21:26 rhfs1 postfix/smtp[2128]: 5BBB314AC14: to=<tkidd at netzone.com>, relay=none, delay=379, status=deferred (connect to mx-smtp.goodnet.com[207.98.129.120]: Connection timed out)
>May 13 16:22:02 rhfs1 postfix/smtp[2148]: C945814ABD9: to=<leardl5 at yahoo.com>, relay=mx2.mail.yahoo.com[64.156.215.5], delay=8849, status=deferred (host mx2.mail.yahoo.com[64.156.215.5] said: 421 VS5-MF Excessive unknown recipients - possible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5))
>May 13 16:22:02 rhfs1 postfix/smtp[2148]: : to=<leardl5 at yahoo.com>, relay=mx2.mail.yahoo.com[64.156.215.5], delay=8849, status=deferred (lost connection with mx2.mail.yahoo.com[64.156.215.5] while sending RCPT TO)
>May 13 16:23:46 rhfs1 postfix/smtp[2151]: connect to mx2.mail.yahoo.com[64.157.4.82]: Connection timed out (port 25)
>May 13 16:23:47 rhfs1 postfix/smtp[2151]: 5686D14AB8A: to=<lauraetsu at yahoo.com>, relay=mx1.mail.yahoo.com[64.156.215.5], delay=13559, status=deferred (host mx1.mail.yahoo.com[64.156.215.5] said: 421 VS5-MF Excessive unknown recipients - possible Open Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5))
>May 13 16:23:47 rhfs1 postfix/smtp[2151]: 5686D14AB8A: to=<lauraetsu at yahoo.com>, relay=mx1.mail.yahoo.com[64.156.215.5], delay=13559, status=deferred (lost connection with mx1.mail.yahoo.com[64.156.215.5] while sending RCPT TO)
>
>Is this a spam attack?
>
>Jon L. Miller, MCNE, CNS
>Director/Sr Systems Consultant
>MMT Networks Pty Ltd
>http://www.mmtnetworks.com.au 
>
>"I don't know the key to success, but the key to failure
> is trying to please everybody." -Bill Cosby
>
>  
>
They do appear spam related.
You'll need to look further back into the logs to see where these 
messages are coming from - do greps for those queue ids:

5686D14AB8A
C945814ABD9
5BBB314AC14

etc

Cheers
Luke
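
The queue-ID lookup suggested above, as an added example that is not part of the original thread: for each queue ID it reports whether the message entered Postfix over SMTP (`smtpd ... client=`) or from a local process (`pickup ... uid=`), along with the envelope sender and recipient count. The names `trace_queue_ids` and `sample_maillog` and every sample log line are constructed for illustration; only the queue IDs are taken from the thread.

```shell
#!/bin/sh
# Constructed sample maillog: these lines are invented for the example and
# are NOT from the poster's server. Only the queue IDs appear in the thread.
sample_maillog() {
cat <<'EOF'
May 13 13:54:30 rhfs1 postfix/smtpd[1901]: C945814ABD9: client=unknown[192.0.2.77]
May 13 13:54:31 rhfs1 postfix/qmgr[812]: C945814ABD9: from=<bulk@example.net>, size=2310, nrcpt=50 (queue active)
May 13 16:15:07 rhfs1 postfix/pickup[1750]: 5BBB314AC14: uid=48 from=<apache>
May 13 16:15:07 rhfs1 postfix/qmgr[812]: 5BBB314AC14: from=<apache@rhfs1.example.org>, size=901, nrcpt=1 (queue active)
May 13 16:21:26 rhfs1 postfix/smtp[2128]: 5BBB314AC14: to=<b@example.com>, relay=none, delay=379, status=deferred (connect timed out)
May 13 16:22:02 rhfs1 postfix/smtp[2148]: C945814ABD9: to=<a@example.com>, relay=mx.example.com[198.51.100.5], delay=8849, status=deferred (host said: 421 try later)
EOF
}

# trace_queue_ids LOGFILE QUEUEID...
# One summary line per queue ID: origin, envelope sender, recipient count,
# and how many delivery attempts were deferred.
trace_queue_ids() {
    log=$1; shift
    for qid in "$@"; do
        awk -v q="$qid" '
            index($0, ": " q ": ") == 0 { next }   # keep only this queue ID
            # Mail accepted from the network: smtpd logs the connecting client.
            /postfix\/smtpd\[/ && match($0, /client=[^ ,]+/) {
                origin = "remote " substr($0, RSTART, RLENGTH)
            }
            # Mail submitted locally (sendmail command, web script): pickup logs the uid.
            /postfix\/pickup\[/ && match($0, /uid=[0-9]+/) {
                origin = "local " substr($0, RSTART, RLENGTH)
            }
            /postfix\/qmgr\[/ && match($0, /from=<[^>]*>/) {
                sender = substr($0, RSTART, RLENGTH)
                if (match($0, /nrcpt=[0-9]+/)) nrcpt = substr($0, RSTART, RLENGTH)
            }
            /status=deferred/ { deferred++ }
            END {
                printf "%s origin=[%s] %s %s deferred=%d\n", q,
                    (origin ? origin : "not-in-log"),
                    (sender ? sender : "from=?"),
                    (nrcpt ? nrcpt : "nrcpt=?"), deferred
            }' "$log"
    done
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp); sample_maillog > "$tmp"
trace_queue_ids "$tmp" 5686D14AB8A C945814ABD9 5BBB314AC14
rm -f "$tmp"
```

A `remote client=` origin from an address outside your own networks means the server is accepting mail for relay; a `local uid=` origin means something on the box itself is submitting it. An ID reported as `not-in-log` entered the queue before the current log file starts, so repeat the search on the rotated logs.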








