mail relays

gripen

Expert Member
Joined
Aug 14, 2003
Messages
1,693
After analysing my logs, I thought I should just post some interesting mail relay attempts on mywireless connection:

[04/Oct/2004 07:54:47] Relay attempt from IP address 196.23.141.200, mail from <adslfeedback@telkomsa.net> to <justin@ctrs.dyndns.org> rejected
[04/Oct/2004 08:08:46] Relay attempt from IP address 196.23.141.200, mail from <> to <justin@ctrs.dyndns.org> rejected
[04/Oct/2004 08:27:59] Relay attempt from IP address 196.25.240.77, mail from <graeme@jelapeno.co.za> to <sme@ctrs.dyndns.org> rejected
[04/Oct/2004 08:32:40] Relay attempt from IP address 196.23.141.200, mail from <adslfeedback@telkomsa.net> to <justin@ctrs.dyndns.org> rejected
[04/Oct/2004 08:33:20] Relay attempt from IP address 196.25.240.74, mail from <graeme@jelapeno.co.za> to <sme@ctrs.dyndns.org> rejected
[04/Oct/2004 08:49:57] Relay attempt from IP address 196.25.240.77, mail from <shelley@jelapeno.co.za> to <sme@ctrs.dyndns.org> rejected
[04/Oct/2004 08:50:39] Relay attempt from IP address 196.23.141.200, mail from <newserror@grapevine.bidorbuy.co.za> to <justin@ctrs.dyndns.org> rejected
[04/Oct/2004 09:00:41] Relay attempt from IP address 196.23.141.200, mail from <info@i-webmail.net> to <justin@ctrs.dyndns.org> rejected
[07/Oct/2004 07:40:42] Relay attempt from IP address 61.254.164.121, mail from <support@microsoft.com> to <support@microsoft.com> rejected
[snippet of flood]
[10/Aug/2004 23:30:48] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <mrrde@aol.com> rejected
[10/Aug/2004 23:30:49] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <twntrade@aol.com> rejected
[10/Aug/2004 23:30:52] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <vsladetrade@aol.com> rejected
[10/Aug/2004 23:30:54] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <pipadolce@aol.com> rejected
[10/Aug/2004 23:30:58] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <palestinejustice@aol.com> rejected
[10/Aug/2004 23:31:05] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <service@mvashing.com> rejected
[10/Aug/2004 23:31:21] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <tomtang@ethome.net.tw> rejected
[10/Aug/2004 23:31:22] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <p1200@ms4.hinet.net> rejected
[10/Aug/2004 23:31:24] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <tsang@ethome.net.tw> rejected
[10/Aug/2004 23:31:26] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <yeh50100@ms4.hinet.net> rejected
[10/Aug/2004 23:31:28] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <sang@ethome.net.tw> rejected
[10/Aug/2004 23:31:30] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <s328000@ms4.hinet.net> rejected
[10/Aug/2004 23:31:32] Relay attempt from IP address 61.31.130.181, mail from <kingram88@yahoo.com.tw> to <mliang@ethome.net.tw> rejected
[end snippet]


Now the thing is, I don't advertise my mail server, so there is some relay scanning going on all the time.
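A way to triage a log like the one posted above, added here as an example and not part of any post in this thread: it groups rejected attempts by source IP and separates sources that only ever address one recipient domain from bursts that spray many domains. Only the line format is taken from the log above; the sample lines, addresses, labels and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line format as it appears in the log posted above.
LINE = re.compile(
    r"\[(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] Relay attempt from IP address "
    r"(?P<ip>[\d.]+), mail from <(?P<sender>[^>]*)> to <(?P<rcpt>[^>]*)> rejected"
)

# Constructed sample (documentation IPs and example domains), not real log data.
SAMPLE = """\
[04/Oct/2004 07:54:47] Relay attempt from IP address 192.0.2.10, mail from <news@example.net> to <bob@old-host.example.org> rejected
[04/Oct/2004 08:08:46] Relay attempt from IP address 192.0.2.10, mail from <> to <bob@old-host.example.org> rejected
[04/Oct/2004 08:32:40] Relay attempt from IP address 192.0.2.10, mail from <news@example.net> to <bob@old-host.example.org> rejected
[10/Aug/2004 23:30:48] Relay attempt from IP address 198.51.100.7, mail from <x@example.com> to <a@one.example> rejected
[10/Aug/2004 23:30:49] Relay attempt from IP address 198.51.100.7, mail from <x@example.com> to <b@two.example> rejected
[10/Aug/2004 23:30:52] Relay attempt from IP address 198.51.100.7, mail from <x@example.com> to <c@three.example> rejected
garbage line that does not match
"""

def summarize(text, burst_count=3, burst_seconds=60):
    """Group rejected relay attempts by source IP and label each source."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip unrelated or truncated lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        by_ip[m["ip"]].append((ts, m["sender"], m["rcpt"]))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        times = [e[0] for e in events]
        domains = {e[2].rpartition("@")[2].lower() for e in events}
        # Burst: any burst_count consecutive attempts inside burst_seconds.
        burst = any(
            (times[i + burst_count - 1] - times[i]).total_seconds() <= burst_seconds
            for i in range(len(times) - burst_count + 1)
        )
        if burst and len(domains) > 1:
            label = "relay-flood"    # high rate, many recipient domains
        elif len(domains) == 1:
            label = "single-domain"  # e.g. mail for one hostname pointing at this IP
        else:
            label = "mixed"
        report[ip] = {"attempts": len(events), "rcpt_domains": len(domains),
                      "null_sender": sum(1 for e in events if e[1] == ""), "label": label}
    return report
```

Calling `summarize()` on the full log text returns one entry per source IP; the `null_sender` count shows how many attempts used the empty `<>` envelope sender.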
 

dorris

Well-Known Member
Joined
Nov 3, 2003
Messages
476
haha, have u seen that, some punk is trying to spoof support@microsoft.com and relay it through you HAHa.

methinks you must be re-evaluating your config, somewhere along the line, your IP is hitting some relay server lists.
 

gripen

Expert Member
Joined
Aug 14, 2003
Messages
1,693
That particular (dynamic Sentech) IP was a well-known spamming IP. I couldn't get some mails thru. Was getting the "IP is on block list" message. It's the price u pay for using a dynamic IP. Shows also that there was a serious spammer on MyWireless in particular (or an open relay).

methinks the spammer was sme@ctrs.dyndns.org who is a known Sentech user. Time to contact Sentech since this falls in their favourite AUP. I'm willing to bet they won't enforce this (which is directly in the AUP) as much as the 10GB nonsense which is nowhere in the AUP or contract.

It's quite easy. Ping ctrs.dyndns.org 24-7. When response received, do a username/IMEI lookup. Call user. Warn user. Add user to baddie list.
 

guest2013-1

guest
Joined
Aug 22, 2003
Messages
19,800
there is no baddie list....

Hell, my gran on a scooter with a memory stick is faster than Sentech's MyWireless!
 

Robone

Senior Member
Joined
Mar 2, 2004
Messages
562
Going thru my logs, I see the same thing, tho not as bad.

So, how do you stop this? How should I set up my config of my mail server?
 

Karnaugh

Banned
Joined
Jul 23, 2003
Messages
1,575
Like hi there, ever heard of viruses? Yes they spoof people's addresses and attempt to relay through random IPs.

You're welcome to "stop this" by trying to build a time machine, or something like that.

- Colin Alston
colin@slipgate.za.net

"Getting traffic shaping right is easy and can be summed up in one word: Don't." -- George Barnett
 

nonroker

Well-Known Member
Joined
Jun 22, 2004
Messages
314
Since hosting SMTP on the dynamic IP is sort of pointless, why not just block your port 25 from the outside?
A lot of your bandwidth is getting wasted by these relay attempts

--
256k ... BAH..more like 25.6k
FSCK YOU Sentech!! [:(!]
 