mail relays

gripen

After analysing my logs, I thought I should just post some interesting mail relay attempts on mywireless connection:

[04/Oct/2004 07:54:47] Relay attempt from IP address 196.23.141.200, mail from <[email protected]> to <[email protected]> rejected
[04/Oct/2004 08:08:46] Relay attempt from IP address 196.23.141.200, mail from <> to <[email protected]> rejected
[04/Oct/2004 08:27:59] Relay attempt from IP address 196.25.240.77, mail from <[email protected]> to <[email protected]> rejected
[04/Oct/2004 08:32:40] Relay attempt from IP address 196.23.141.200, mail from <[email protected]> to <[email protected]> rejected
[04/Oct/2004 08:33:20] Relay attempt from IP address 196.25.240.74, mail from <[email protected]> to <[email protected]> rejected
[04/Oct/2004 08:49:57] Relay attempt from IP address 196.25.240.77, mail from <[email protected]> to <[email protected]> rejected
[04/Oct/2004 08:50:39] Relay attempt from IP address 196.23.141.200, mail from <[email protected]> to <[email protected]> rejected
[04/Oct/2004 09:00:41] Relay attempt from IP address 196.23.141.200, mail from <[email protected]> to <[email protected]> rejected
[07/Oct/2004 07:40:42] Relay attempt from IP address 61.254.164.121, mail from <[email protected]> to <[email protected]> rejected
[snippet of flood]
[10/Aug/2004 23:30:48] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:30:49] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:30:52] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:30:54] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:30:58] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:05] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:21] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:22] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:24] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:26] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:28] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:30] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[10/Aug/2004 23:31:32] Relay attempt from IP address 61.31.130.181, mail from <[email protected]> to <[email protected]> rejected
[end snippet]


Now the thing is, I don't advertise my mail server, so there is some relay scanning going on all the time.
 
Haha, have you seen that? Some punk is trying to spoof [email protected] and relay it through you, haha.

Methinks you must be re-evaluating your config; somewhere along the line, your IP is hitting some relay server lists.
 
That particular (dynamic Sentech) IP was a well-known spamming IP. I couldn't get some mails through. I was getting the "IP is on block list" message. It's the price you pay for using a dynamic IP. It also shows that there was a serious spammer on mywireless in particular (or an open relay).

Methinks the spammer was [email protected], who is a known Sentech user. Time to contact Sentech, since this falls in their favourite AUP. I'm willing to bet they won't enforce this (which is directly in the AUP) as much as the 10GB nonsense, which is nowhere in the AUP or contract.

It's quite easy. Ping ctrs.dyndns.org 24-7. When a response is received, do a username/IMEI lookup. Call user. Warn user. Add user to baddie list.
 
There is no baddie list....

Hell, my gran on a scooter with a memory stick is faster than Sentech's MyWireless!
 
Going through my logs, I see the same thing, though not as bad.

So, how do you stop this? How should I set up my config of my mail server?
 
Like, hi there, ever heard of viruses? Yes, they spoof people's addresses and attempt to relay through random IPs.

You're welcome to "stop this" by trying to build a time machine, or something like that.

- Colin Alston
[email protected]

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
 
Since hosting SMTP on the dynamic IP is sort of pointless, why not just block your port 25 from the outside?
A lot of your bandwidth is getting wasted by these relay attempts.

--
256k ... BAH..more like 25.6k
FSCK YOU Sentech!! [:(!]
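
For anyone going through their own logs as discussed above: a tally of rejected relay attempts per source IP, flagging floods and null-sender (<>) attempts, written against the log format quoted in the first post. This is an added example, not part of the original thread; the sample lines, addresses, burst threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log format as quoted in the thread; the leading "[" is optional because
# one pasted line lost it.
LINE_RE = re.compile(
    r"\[?(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] Relay attempt from IP address "
    r"(?P<ip>[\d.]+), mail from <(?P<sender>[^>]*)> to <(?P<rcpt>[^>]*)> rejected"
)

def parse(lines):
    """Yield (timestamp, ip, sender, recipient) for each relay-attempt line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
            yield ts, m["ip"], m["sender"], m["rcpt"]

def summarize(lines, burst=5, window=timedelta(seconds=60)):
    """Per-IP totals, null-sender count, and whether `burst` attempts fit in `window`."""
    times, null_senders = defaultdict(list), defaultdict(int)
    for ts, ip, sender, _rcpt in parse(lines):
        times[ip].append(ts)
        if sender == "":          # "<>" is the bounce (null) sender
            null_senders[ip] += 1
    report = {}
    for ip, stamps in times.items():
        stamps.sort()
        flood = any(stamps[i + burst - 1] - stamps[i] <= window
                    for i in range(len(stamps) - burst + 1))
        report[ip] = {"attempts": len(stamps),
                      "null_sender": null_senders[ip], "flood": flood}
    return report

# Constructed sample lines (documentation IP ranges, example.* addresses).
SAMPLE = [
    "[04/Oct/2004 07:54:47] Relay attempt from IP address 192.0.2.10, mail from <a@example.org> to <b@example.net> rejected",
    "[04/Oct/2004 08:08:46] Relay attempt from IP address 192.0.2.10, mail from <> to <b@example.net> rejected",
] + [
    f"[10/Aug/2004 23:30:{s:02d}] Relay attempt from IP address 198.51.100.7, "
    "mail from <x@example.org> to <y@example.net> rejected"
    for s in (48, 49, 52, 54, 58)
]

if __name__ == "__main__":
    for ip, stats in sorted(summarize(SAMPLE).items()):
        print(ip, stats)
```
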
 