On Sunday 24 August 2003 10:09 pm, Mike Vanecek wrote: > On Sun, 24 Aug 2003 14:00:08 -0700, Robin Lynn Frank wrote > > > On Sunday 24 August 2003 01:04 pm, Mike Vanecek wrote: > > > [EMAIL PROTECTED] postfix]# grep reject /var/log/maillog > > > Aug 24 04:37:31 www postfix/smtpd[2917]: EC710E0541: reject: RCPT from > > > unknown[195.18.71.121]: 450 Client host rejected: cannot find your > > > hostname, [195.18.71.121]; > > > from=<[EMAIL PROTECTED]> to=<me> > > > proto=ESMTP helo=<mail.readershouse.nl> > > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > Do you think that has something to do with the problem? I checked > > our logs and nothing from sourceforge.net produces anything similar. > > > > So I have to ask a dumb question and ask why is your mail coming > > from a host other than lists.sourceforge.net????? > > Good question. Normally, it does not. Note that I have one being rejected > from the unknown host and another being accepted from the list. > > Aug 24 01:50:51 www postfix/smtpd[24091]: connect from > unknown[195.18.71.121] > > Aug 24 01:50:51 www postfix/smtpd[24091]: 901D7E0541: > client=unknown[195.18.71.121] > > Aug 24 01:50:56 www postfix/smtpd[24091]: 901D7E0541: reject: RCPT from > unknown[195.18.71.121]: 450 Client host rejected: > cannot find your hostname, [195.18.71.121]; > from=<[EMAIL PROTECTED]> to=<me> proto=ESMTP > helo=<mail.readershouse.nl> > > Aug 24 01:50:59 www postfix/smtpd[24091]: disconnect from > unknown[195.18.71.121] > > Aug 24 01:54:04 www postfix/smtpd[24095]: connect from > lists.sourceforge.net[66.35.250.206] > > Aug 24 01:54:04 www postfix/smtpd[24095]: 40293E0541: > client=lists.sourceforge.net[66.35.250.206] > > Aug 24 01:54:13 www postfix/cleanup[24096]: 40293E0541: > message-id=<[EMAIL PROTECTED]> > > Aug 24 01:54:13 www postfix/nqmgr[2286]: 40293E0541: > from=<[EMAIL PROTECTED]>, size=5876, nrcpt=1 > (queue active) > > Aug 24 01:54:13 www postfix/smtpd[24095]: disconnect from > lists.sourceforge.net[66.35.250.206] > > My first thought was that it was the monthly subscription check. Evidently, > that thought was wrong. > > Possibly the attempt is from a spammer with forged information? The > "to=<me>" address is unique to this list. That means that whomever is > sending the message got my address from this list or the list server. > > I am now getting three rejects at around the same time. I suspect that > means the spammer has sent me additional copies of the spam. I think I will > add a drop in my iptables on that ip address and save postfix from having > to be concerned with the problem. > > > > ------------------------------------------------------- > This SF.net email is sponsored by: VM Ware > With VMware you can run multiple operating systems on a single machine. > WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines > at the same time. Free trial click > here:http://www.vmware.com/wl/offer/358/0
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk Maaybe someone should test if readershouse.nl is an open relay or open proxy. What is strange is this: $ dig readershouse.nl ; <<>> DiG 9.2.2 <<>> readershouse.nl ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46116 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;readershouse.nl. IN A ;; AUTHORITY SECTION: readershouse.nl. 86400 IN SOA ns1.qinip.net. hostmaster.qinip.net. 2003012201 28800 7200 604800 86400 ;; Query time: 191 msec ;; SERVER: 192.168.0.1#53(192.168.0.1) ;; WHEN: Mon Aug 25 07:55:19 2003 ;; MSG SIZE rcvd: 93 -- Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC © 2003 Paradigm-Omega, LLC. All rights reserved. Unauthorized reproduction and/or dissemination is forbidden.
pgp00000.pgp
Description: signature
