[CentOS] pop3 attack

Fri Mar 13 21:04:25 UTC 2009
Ned Slider <ned at unixmail.co.uk>

James Pifer wrote:
>> The masquerading options are for a different purpose.
>> I'm glad you got it sorted out.
> Although I'm able to send mail to most people without a problem using
> smarthost, I still have a few that bounce back with errors like:
> Your message was rejected by mail.lance.com for the following reason:
>      Service unavailable; Client host [cdptpa-omtalb.mail.rr.com] blocked by zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=
> I'm using the smarthost server that I should be using according to the information:
> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl

Well, according to the headers on this message, your mail does indeed 
appear to be correctly routed through your smarthost - in this instance 
cdptpa-omtalb.mail.rr.com [].

It looks to me like the server above is checking all hops against 
zen.spamhaus.org rather than just the last external connection - that's 
the only reason I can see for it detecting and rejecting your mail 
(assuming your smarthost was correctly used to send that mail).

I use zen.spamhaus.org on my server, so you're welcome to send a test 
message directly to me off list and see if it bounces or not (you will 
get greylisted first for 60 seconds).

> Although I'm in a residential IP range, my connection is Business Class, so sending smtp mail is not restricted (at least contractually). 

Regardless, as others have pointed out, your IP address is still listed 
in pbl on zen.spamhaus.org so it's pretty futile trying to send mail 

> Why would I still have this problem if I'm using smarthost? Is there a way to resolve it?

It shouldn't if everything is configured correctly. As I said above, to 
me it looks more like the receiving server is misconfigured. That might 
be intentional, who knows, but they will get FPs as a result from anyone 
like yourself who correctly relays mail through their ISP.
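
Added example, not part of the original message: a small Python sketch of the two DNSBL policies the reply contrasts, checking only the last external hop versus checking every IP in the Received chain. The message, host names and IP addresses are constructed (documentation ranges), and the `LISTED` table stands in for real DNS lookups so the code runs offline.

```python
import re
from email import message_from_string

# Constructed message: documentation-range IPs, hypothetical host names.
SAMPLE = """\
Received: from smarthost.isp.example (smarthost.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Fri, 13 Mar 2009 20:58:02 +0000
Received: from home.customer.example (home.customer.example [203.0.113.77])
\tby smarthost.isp.example with ESMTP; Fri, 13 Mar 2009 20:58:01 +0000
From: sender@customer.example
To: user@recipient.example
Subject: test

body
"""

# Constructed stand-in for DNSBL answers (assumption, no network access).
# 127.0.0.11 is one of the return codes zen.spamhaus.org uses for PBL listings.
LISTED = {"203.0.113.77": "127.0.0.11"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Name a DNSBL client looks up: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def received_ips(raw):
    """IPs from Received headers, newest hop (added by the receiving MX) first."""
    msg = message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IP_RE.search(hdr)
        if m:
            ips.append(m.group(1))
    return ips

def verdict(raw, policy):
    """'last_hop' checks only the connecting client; 'all_hops' checks every relay."""
    ips = received_ips(raw)
    to_check = ips[:1] if policy == "last_hop" else ips
    hits = [(ip, dnsbl_name(ip), LISTED[ip]) for ip in to_check if ip in LISTED]
    return ("reject" if hits else "accept", hits)

if __name__ == "__main__":
    for policy in ("last_hop", "all_hops"):
        print(policy, verdict(SAMPLE, policy))
```

With the last-hop policy the smarthost's address is the only one tested and the mail is accepted; with the all-hops policy the originating PBL-listed address triggers a rejection even though the mail was relayed correctly.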