[CentOS] pop3 attack

Sat Mar 14 14:42:58 UTC 2009
James Pifer <jep at obrien-pifer.com>

> I use zen.spamhaus.org on my server, so you're welcome to send a test 
> message directly to me off list and see if it bounces or not (you will 
> get greylisted first for 60 seconds)

Sent a test message. Here's what's in maillog:
Mar 14 11:00:28 mailserver sendmail[25108]: n2EF0LTt025094: to=<ned at unixmail.co.uk>, ctladdr=<jep at obrien-pifer.com> (503/503), delay=00:00:07, xdelay=00:00:03, mailer=relay, pri=120391, relay=smtp-server.carolina.rr.com. [75.180.132.33], dsn=2.0.0, stat=Sent (Message received: 20090314134107.MZQS7442.cdptpa-omta01.mail.rr.com at mailserver.obrien-pifer.com)

Been several minutes and no bounce. Guess that's a good thing. 

> It shouldn't if everything is configured correctly. As I said above, to 
> me it looks more like the receiving server is misconfigured. That might 
> be intentional, who knows, but they will get FPs as a result from anyone 
> like yourself who correctly relays mail through their ISP.

That would stink, but appears to be the case. 

Thanks,
James