[Mailman-Users] Spam - from where?
Lindsay Haisley
fmouse-mailman at fmp.com
Wed Jun 9 01:17:54 CEST 2010
On Tue, 2010-06-08 at 17:53 -0500, Lindsay Haisley wrote:
> I just checked my mail logs and find a very large number of attempted
> deliveries from the list to various users @gamblingplanet.org. e.g.,
>
> Jun 8 17:27:52 kali courierd: started,id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org>,module=esmtp,host=gamblingplanet.org,addr=<playwrightCL at gamblingplanet.org>
> Jun 8 17:28:52 kali courieresmtp: id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org>,addr=<playwrightCL at gamblingplanet.org>: Connection timed out
> Jun 8 17:28:52 kali courieresmtp: id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org>,addr=<playwrightCL at gamblingplanet.org>,status: deferred
>
> There are no addresses @gamblingplanet.org on the cyberpluckers list!
> Has the list server been hacked? What could be going on here? I'm not
> seeing any incoming probes which would generate a list DSN or NDR.
I'm also seeing this associated with other lists on the same server.
Somehow my list server is being used as a kind of open relay, which is
strictly denied by the mail server on which it rides.
There are other obvious spam domains involved, e.g. qq.com.cn and
clubmediterra.ru.
--
Lindsay Haisley | "Everything works if you let it"
FMP Computer Services |
512-259-1190 | - The Roadie
http://www.fmp.com |
More information about the Mailman-Users
mailing list