[CentOS] Relaying of spam
Thomas E Dukes
edukes at alltel.net
Sun Feb 5 19:03:57 UTC 2006
I've been getting them too, but a different message. Mine are originating
from Korea, kornet.net
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Marcel
> Sent: Sunday, February 05, 2006 1:53 PM
> To: centos at centos.org
> Subject: [CentOS] Relaying of spam
>
> Hi, sorry if this isn't the right place to post, but I'm
> having some trouble figuring out a spamming issue. If anyone
> here can help, that'd be amazing.
>
> I'm running Brian's CentOS/BlueQuartz CD, version 3.5 from
> Nuonce.net.
> Everything seemed to be running fine for several days until
> this morning, when I received a zillion "returned mail"
> notices from the mailer daemon. Within it, it said it was
> unable to complete sending to the following users for various
> reasons and blah blah blah. That's fine, but I never
> initiated the email.
>
> In my logs, entries like the following show up ('portal' is
> the name of the box obviously):
>
> Feb 5 12:11:45 portal sendmail[17135]: k15EXFZf015093: SMTP
> outgoing connect on portal.xxxxxxx.com
> Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093: makeconnection
> (mobilemail.caii-dc.com. [209.135.227.253]) failed:
> Connection timed out with mobilemail.caii-dc.com.
> Feb 5 12:12:51 portal sendmail[17135]: k15EXFZf015093:
> to=<aldara at caii-dc.com>,
> ctladdr=<username at portal.xxxxxxxxxxxxxxxxxxxx.com> (502/100),
> delay=03:39:35, xdelay=00:01:06, mailer=esmtp, pri=3188891,
> relay=mobilemail.caii-dc.com. [209.135.227.253], dsn=4.0.0,
> stat=Deferred: Connection timed out with mobilemail.caii-dc.com.
>
> Regardless of the errors, I can't figure out why/where the
> outbound email is being generated. There are many entries in
> the log like this, and I assume a lot of it is going through.
> The user never initiated it.
> It has to be the server itself?
>
> Plus, it's using the full name of the server which is
> portal.domainname.com in the email address. It seems to only
> use ONE user's name though. AND it's ONLY using 1 user's name
> from a list of several.
>
> The user account gets some spam every now and then with the
> following header info, then these returned emails. These
> emails are from the local server using an account that doesn't exist:
>
> ===============================
> Subject:
> The hottest issue we've seen this year
> From:
> ThePickOfTheYear2696 at domainname.com
> Date:
> Sun, 5 Feb 2006 08:52:47 -0600
> To:
> ThePickOfTheYear2696 at portal.domainname.com
> ===============================
>
> Since the "pickoftheyear" account doesn't exist....
>
> Are there any suggestions from the group? I'm a newb at
> running a mail server, just trying to figure out what's going
> on. The site in question did have a couple formmail scripts
> that I deleted.
>
> I am interested in running chkrootkit but is there a
> specific package required for CentOS/BQ? Or just download and compile?
>
> Thanks.
>
> M
>
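Added example, not part of either post: one way to trace where the queued messages entered the server is to join each queue ID's `from=` line (whose `relay=` field records the submitter, e.g. `user@localhost` for mail handed to the local sendmail binary) with the `ctladdr=` and uid on its `to=` lines. The log lines are constructed, and `outbound_by_origin` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in sendmail's syslog format (hosts, users and queue IDs are made up).
SAMPLE_LOG = """\
Feb  5 08:32:15 portal sendmail[15093]: k15AAAAA015093: from=<user1@portal.example.com>, size=2150, class=0, nrcpts=3, msgid=<1@portal.example.com>, relay=apache@localhost
Feb  5 08:32:16 portal sendmail[15095]: k15AAAAA015093: to=<a@dest.example>, ctladdr=<user1@portal.example.com> (502/100), delay=00:00:01, mailer=esmtp, relay=mx.dest.example. [192.0.2.10], dsn=2.0.0, stat=Sent
Feb  5 08:32:17 portal sendmail[15095]: k15AAAAA015093: to=<b@dest.example>, ctladdr=<user1@portal.example.com> (502/100), delay=00:00:02, mailer=esmtp, relay=mx.dest.example. [192.0.2.10], dsn=2.0.0, stat=Sent
Feb  5 12:11:45 portal sendmail[17135]: k15AAAAA015093: SMTP outgoing connect on portal.example.com
Feb  5 12:12:51 portal sendmail[17135]: k15AAAAA015093: to=<c@slow.example>, ctladdr=<user1@portal.example.com> (502/100), delay=03:39:35, mailer=esmtp, relay=mx.slow.example. [192.0.2.20], dsn=4.0.0, stat=Deferred: Connection timed out with mx.slow.example.
Feb  5 09:00:00 portal sendmail[16001]: k15BBBBB016001: from=<bob@example.org>, size=900, class=0, nrcpts=1, msgid=<2@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]
Feb  5 09:00:01 portal sendmail[16002]: k15BBBBB016001: to=<user2@portal.example.com>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""

# "<queue id>: from=..." or "<queue id>: to=..."; other sendmail lines are ignored.
ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
# ctladdr=<addr> (uid/gid): the local account that owns the message.
CTLADDR = re.compile(r"ctladdr=<?([^>,\s]+)>? \((\d+)/(\d+)\)")


def outbound_by_origin(log_text):
    """Count delivery attempts per (origin relay, ctladdr, uid)."""
    origin = {}           # queue id -> relay= from the from= line (where the mail came in)
    attempts = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, kind, rest = m.groups()
        if kind == "from":
            r = re.search(r"relay=(\S+)", rest)
            origin[qid] = r.group(1) if r else "unknown"
        else:
            c = CTLADDR.search(rest)
            if c:  # no ctladdr (e.g. plain inbound local delivery): nothing to attribute
                key = (origin.get(qid, "unknown"), c.group(1), int(c.group(2)))
                attempts[key] += 1
    return attempts


if __name__ == "__main__":
    for (relay, addr, uid), n in outbound_by_origin(SAMPLE_LOG).most_common():
        print(f"{n:6d} attempts  origin={relay}  ctladdr={addr}  uid={uid}")
```

An origin of the form `user@localhost` means a local process invoked sendmail, while a remote host name or address there means the message arrived over SMTP; an origin of `unknown` means the `from=` line was not in the log text supplied (for example, it was rotated out).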