[CentOS] pop3 attack

Fri Mar 13 21:04:25 UTC 2009
Ned Slider <ned at unixmail.co.uk>

James Pifer wrote:
>> The masquerading options are for a different purpose.
>> I'm glad you got it sorted out.
> 
> 
> Although I'm able to send mail to most people without a problem using
> smarthost, I still have a few that bounce back with errors like:
> Your message was rejected by mail.lance.com for the following reason:
> 
>      Service unavailable; Client host [cdptpa-omtalb.mail.rr.com] blocked by zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=70.62.90.185
> 
> I'm using the smarthost server that I should be using according to the information:
> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl
> 

Well, according to the headers on this message, your mail does indeed 
appear to be correctly routed through your smarthost - in this instance 
cdptpa-omtalb.mail.rr.com [75.180.132.122].

It looks to me like the server above is checking all hops against 
zen.spamhaus.org rather than just the last external connection - that's 
the only reason I can see for it detecting and rejecting your mail 
(assuming your smarthost was correctly used to send that mail).

I use zen.spamhaus.org on my server, so you're welcome to send a test 
message directly to me off list and see if it bounces or not (you will 
get greylisted first for 60 seconds).

> Although I'm in a residential IP range, my connection is Business Class, so sending smtp mail is not restricted (at least contractually). 
> 

Regardless, as others have pointed out your IP address is still listed 
in pbl on zen.spamhaus.org so it's pretty futile trying to send mail 
directly.

> Why would I still have this problem if I'm using smarthost? Is there a way to resolve it?
> 

It shouldn't if everything is configured correctly. As I said above, to 
me it looks more like the receiving server is misconfigured. That might 
be intentional, who knows, but they will get FPs as a result from anyone 
like yourself who correctly relays mail through their ISP.
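
The difference between checking only the connecting host and checking every hop against a DNSBL, as an added example that is not part of the original message. The headers are constructed from the addresses quoted in this thread, `mx.example.net` and `home.example.org` are placeholder names, and the `LISTED` set is an assumption standing in for live DNS lookups.

```python
import ipaddress
import re
from email import message_from_string

DNSBL_ZONE = "zen.spamhaus.org"
# Constructed stand-in for DNS answers: 70.62.90.185 is the address
# named in the bounce quoted above; the smarthost address is not listed.
LISTED = {"70.62.90.185"}

# Constructed message, newest Received header first. The top header is the
# one the receiving MX adds for the host that actually connected to it.
SAMPLE = """\
Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.122])
\tby mx.example.net with ESMTP; Fri, 13 Mar 2009 21:00:02 +0000
Received: from home.example.org ([70.62.90.185])
\tby cdptpa-omtalb.mail.rr.com with ESMTP; Fri, 13 Mar 2009 21:00:00 +0000
From: sender@example.org
Subject: test

body
"""

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip):
    # A live check resolves dnsbl_name(ip); an A record means "listed",
    # NXDOMAIN means "not listed". Here the lookup is simulated.
    return ip in LISTED

def received_ips(raw):
    """Public IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        for cand in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                if ipaddress.ip_address(cand).is_global:
                    ips.append(cand)
            except ValueError:
                pass  # bracketed text that is not a valid IPv4 address
    return ips

def check_last_hop(raw):
    """Policy A: test only the host that connected to the receiving MX."""
    return [ip for ip in received_ips(raw)[:1] if is_listed(ip)]

def check_all_hops(raw):
    """Policy B: test every hop, which also catches the relayed origin."""
    return [ip for ip in received_ips(raw) if is_listed(ip)]
```

With the sample message, policy A accepts the mail because the smarthost is clean, while policy B rejects it on the originating address even though it was relayed correctly.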