spam from unknown user

David Olszyński hisaak at ysoft.cz
Wed Jul 11 19:38:20 CEST 2001


Hello.

Recently I have received several complaints about spam allegedly sent
from our server. In the headers our server is always listed as the one that
accepted the mail first, but the IP address given after its name
never matches (in fact it is different every time).

For example:

---MESSAGE HEADER---

Return-Path: <krpff na nasserver.cz>
Received: from VL-MS-MR003.sc1.videotron.ca ([10.23.32.73]) by
          VL-MS-MS001.sc1.videotron.ca (Netscape Messaging Server 4.15)
          with ESMTP id GGAYFV00.8HP; Wed, 11 Jul 2001 05:31:07 -0400
Received: from mo5.hananet.net ([211.58.56.20]) by
          VL-MS-MR003.sc1.videotron.ca (Netscape Messaging Server 4.15
          MR003 Jun 11 2001 16:23:30) with ESMTP id GGAYFU04.3AH; Wed, 11
          Jul 2001 05:31:06 -0400
Received: from nasserver.cz ([203.168.22.202]) by mo5.hananet.net
          (Netscape Messaging Server 4.15) with SMTP id GGAYDL00.007; Wed,
          11 Jul 2001 18:29:45 +0900
Message-ID: <00005db075cb$00007f62$000006b5 na nasserver.cz>
To: <a114 na 126.com>
From: krpff na nasserver.cz
Subject: FW:
Date: Tue, 10 Jul 2001 21:51:48 -0700
MIME-Version: 1.0
Content-Type: text/html;
            charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal

---MESSAGE HEADER---

I am concerned, for example, with this line:
Received: from nasserver.cz ([203.168.22.202]) by mo5.hananet.net

But that IP address is not ours. In other spam messages there were different ones, but from the same
C domain.

Of the relevant things I found in the maillog, perhaps only this, for example:
Jul 11 11:31:34 beauty sendmail[8983]: f6B9VXG08983: <krpff na nasserver.cz>... User unknown
Jul 11 11:31:34 beauty sendmail[8983]: f6B9VXG08983: from=<>, size=27764, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[211.58.56.20]


I have quite a lot of such messages in the maillog (only the size is usually =0)
and it frightens me a lot. What does it actually mean? Did that spam go through us?
How can we defend against it?

We use sendmail-8.11.2-14 from rh7.1. We run `pop before smtp' on it,
but that, I think, works well. For example, telnet mailabuse.com gives me the message
System appeared to reject relay attempts.

Thank you in advance for any help and advice.

David Olszynski
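
An added example, not part of the original post: in a Received line the name after `from` is what the connecting client announced in HELO/EHLO, while the bracketed address is the peer IP the recording server saw, so a hop that claims our name from a foreign address can be flagged mechanically. The sketch below runs over the Received chain quoted in the post; `OUR_NETWORKS` is a placeholder assumption (a documentation range), because the post does not state the server's real addresses.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: placeholder for the networks that really belong to nasserver.cz
# (the post does not give them); 192.0.2.0/24 is a documentation range.
OUR_DOMAIN = "nasserver.cz"
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Received chain copied from the post, plus one other header to end the block.
SAMPLE = """\
Received: from VL-MS-MR003.sc1.videotron.ca ([10.23.32.73]) by
          VL-MS-MS001.sc1.videotron.ca (Netscape Messaging Server 4.15)
          with ESMTP id GGAYFV00.8HP; Wed, 11 Jul 2001 05:31:07 -0400
Received: from mo5.hananet.net ([211.58.56.20]) by
          VL-MS-MR003.sc1.videotron.ca (Netscape Messaging Server 4.15
          MR003 Jun 11 2001 16:23:30) with ESMTP id GGAYFU04.3AH; Wed, 11
          Jul 2001 05:31:06 -0400
Received: from nasserver.cz ([203.168.22.202]) by mo5.hananet.net
          (Netscape Messaging Server 4.15) with SMTP id GGAYDL00.007; Wed,
          11 Jul 2001 18:29:45 +0900
Subject: FW:

"""

# "from <claimed name> ([<peer ip>]) by <recording host>", as in the sample above.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)", re.I)

def forged_hops(raw, domain=OUR_DOMAIN, networks=OUR_NETWORKS):
    """Return (claimed_name, peer_ip, recording_host) for hops claiming our name from a foreign IP."""
    hits = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        claimed, ip, by = m.group(1).lower(), ipaddress.ip_address(m.group(2)), m.group(3)
        ours = claimed == domain or claimed.endswith("." + domain)
        if ours and not any(ip in net for net in networks):
            hits.append((claimed, str(ip), by))
    return hits

if __name__ == "__main__":
    for claimed, ip, by in forged_hops(SAMPLE):
        print(f"{by} recorded name {claimed} from {ip}, outside our networks")
```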


