[Mailman-Users] Spam - from where?

Lindsay Haisley fmouse-mailman at fmp.com
Wed Jun 9 01:17:54 CEST 2010


On Tue, 2010-06-08 at 17:53 -0500, Lindsay Haisley wrote:
> I just checked my mail logs and find a very large number of attempted
> deliveries from the list to various users @gamblingplanet.org.  e.g.,
> 
> Jun  8 17:27:52 kali courierd: started,id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org>,module=esmtp,host=gamblingplanet.org,addr=<playwrightCL at gamblingplanet.org>
> Jun  8 17:28:52 kali courieresmtp: id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org>,addr=<playwrightCL at gamblingplanet.org>: Connection timed out
> Jun  8 17:28:52 kali courieresmtp: id=00000000001B562E.000000004C0E7E65.00004AF9,from=<cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org>,addr=<playwrightCL at gamblingplanet.org>,status: deferred
> 
> There are no addresses @gamblingplanet.org on the cyberpluckers list!
> Has the list server been hacked?  What could be going on here?  I'm not
> seeing any incoming probes which would generate a list DSN or NDR.

I'm also seeing this associated with other lists on the same server.
Somehow my list server is being used as a kind of open relay, which is
strictly denied by the mail server on which it rides.

There are other obvious spam domains involved, e.g. qq.com.cn and
clubmediterra.ru.

-- 
Lindsay Haisley       | "Everything works if you let it"
FMP Computer Services |
512-259-1190          |     - The Roadie
http://www.fmp.com    |
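
An added example, not part of the original post: the envelope senders in the quoted log lines are Mailman VERP addresses, which encode the recipient of each delivery, so they can be decoded and checked against the list roster to see which non-member domains list mail is being sent to. The function names, the `ROSTERS` mapping (which an operator would fill in, for instance from Mailman's `list_members` output) and the fourth log line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Mailman VERP envelope sender: <list>-bounces+<local>=<domain>@<listhost>.
# The list archive prints "@" as " at ", so both spellings are accepted.
VERP = re.compile(
    r"from=<(?P<list>[^<>+]+)-bounces\+(?P<rcpt>[^<>@ ]+)(?:@| at )[^<>]+>")
MSGID = re.compile(r"\bid=(?P<id>[^,:\s]+)")

def verp_recipient(line):
    """Return (msg_id, list_name, recipient) from a courier log line, or None."""
    verp, msgid = VERP.search(line), MSGID.search(line)
    if not (verp and msgid):
        return None
    # Split on the last "=": a domain cannot contain one, a local part might.
    local, _, domain = verp["rcpt"].rpartition("=")
    if not local:
        return None
    return msgid["id"], verp["list"].lower(), f"{local}@{domain}".lower()

def unexpected_deliveries(log_lines, rosters):
    """Count attempts per (list, domain) whose recipient is not on the roster."""
    seen, counts = set(), Counter()
    for line in log_lines:
        hit = verp_recipient(line)
        if hit is None or hit in seen:
            continue  # not a list delivery, or another line for the same attempt
        seen.add(hit)
        _, list_name, recipient = hit
        if recipient not in rosters.get(list_name, set()):
            counts[(list_name, recipient.rpartition("@")[2])] += 1
    return counts

# First three lines are the ones quoted in the post; the last is constructed.
QID = "00000000001B562E.000000004C0E7E65.00004AF9"
SENDER = "cyberpluckers-bounces+playwrightcl=gamblingplanet.org at autoharp.org"
RCPT = "playwrightCL at gamblingplanet.org"
LOG = [
    f"Jun  8 17:27:52 kali courierd: started,id={QID},from=<{SENDER}>,module=esmtp,host=gamblingplanet.org,addr=<{RCPT}>",
    f"Jun  8 17:28:52 kali courieresmtp: id={QID},from=<{SENDER}>,addr=<{RCPT}>: Connection timed out",
    f"Jun  8 17:28:52 kali courieresmtp: id={QID},from=<{SENDER}>,addr=<{RCPT}>,status: deferred",
    "Jun  8 17:30:01 kali courierd: started,id=CONSTRUCTED.0001,from=<cyberpluckers-bounces+member=example.org@autoharp.org>,module=esmtp,host=example.org,addr=<member@example.org>",
]
ROSTERS = {"cyberpluckers": {"member@example.org"}}  # constructed roster

if __name__ == "__main__":
    for (name, domain), n in unexpected_deliveries(LOG, ROSTERS).items():
        print(f"{name}: {n} attempt(s) to non-member domain {domain}")
```

The three lines quoted in the post share one queue id and recipient, so they count as a single delivery attempt.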



