EMERGENCY - need to secure my server against an ongoing SPAMMER
Bob Brennan
rbrennan96 at gmail.com
Sat Mar 12 09:51:04 UTC 2005
Here is a truncated logwatch indicating more than 1000 spams sent but
seemingly a lot more denied, and most if not all bounced. I have
truncated the "Relaying denied" list because it ran into pages. There
are continuing attempts to relay through my server, every few minutes,
all denied now. Hopefully the bast**ds will give up and move on
soon...
--------------------- sendmail Begin ------------------------
Bytes Transferred: 12332471
Messages Sent: 1010
Total recipients: 13027
271 messages returned after 4 hours
1255 User Unknown notifications
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
2441/125: 219-81-152-11.static.tfn.net.tw [219.81.152.11]
1250/74: 61-31-142-15.dynamic.tfn.net.tw [61.31.142.15]
1200/78: 219-81-147-236.static.tfn.net.tw [219.81.147.236]
1020/102: 61-31-132-192.dynamic.tfn.net.tw [61.31.132.192]
900/90: 219-81-152-68.static.tfn.net.tw [219.81.152.68]
691/35: 219-81-148-55.static.tfn.net.tw [219.81.148.55]
600/30: 61-31-138-36.dynamic.tfn.net.tw [61.31.138.36]
540/54: 61-31-135-89.dynamic.tfn.net.tw [61.31.135.89]
480/36: 61-31-134-142.dynamic.tfn.net.tw [61.31.134.142]
473/48: 61-31-141-57.dynamic.tfn.net.tw [61.31.141.57]
360/24: 219-81-146-75.static.tfn.net.tw [219.81.146.75]
360/36: 219-81-147-234.static.tfn.net.tw [219.81.147.234]
360/36: 61-31-143-231.dynamic.tfn.net.tw [61.31.143.231]
301/25: 61-31-134-51.dynamic.tfn.net.tw [61.31.134.51]
270/27: 219-81-152-242.static.tfn.net.tw [219.81.152.242]
250/25: 61-31-143-110.dynamic.tfn.net.tw [61.31.143.110]
240/12: 219-81-146-16.static.tfn.net.tw [219.81.146.16]
240/18: 61-31-143-233.dynamic.tfn.net.tw [61.31.143.233]
225/23: 219-81-152-9.static.tfn.net.tw [219.81.152.9]
180/9: 61-31-141-122.dynamic.tfn.net.tw [61.31.141.122]
180/18: 61-31-130-73.dynamic.tfn.net.tw [61.31.130.73]
120/12: 61-31-135-224.dynamic.tfn.net.tw [61.31.135.224]
120/12: 219-81-148-189.static.tfn.net.tw [219.81.148.189]
120/12: 61-31-129-123.dynamic.tfn.net.tw [61.31.129.123]
60/3: 61-31-137-64.dynamic.tfn.net.tw [61.31.137.64]
10/10: lon1-probe-1-0.mail.omr-demon.co.uk [193.195.24.130]
Relaying denied:
From www.abuse.net [208.31.42.77] to securitytest at abuse.net: 4 Time(s)
From www.abuse.net [208.31.42.77] to user-49733 at nf.abuse.net: 4 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
118917086 at gigigaga.com: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
3zt5 at yahoo.com.tw: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
boucy at gcn.net.tw: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
ho at ms65.hinet.net: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
jacky.howard at msa.hinet.net: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
jshad at ms49.hinet.net: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
mxw0823 at yahoo.com.tw: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
sammicheng99 at hotmail.com: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
simulation at mic.com.tw: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
v17582001 at yahoo.com.tw: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
vbs at ms48.url.com.tw: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
wong2000 at gigigaga.com: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
yaku at ms8.hinet.net: 1 Time(s)
From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to
ynya at ms21.hinet: 1 Time(s)
From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
ansheng1 at seed.net.tw: 1 Time(s)
From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
bluelans at ms56.hinet.net: 1 Time(s)
From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
chairman at dragonland.com.sg: 1 Time(s)
From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to
freebienewsletter-subscribe at listbot.com: 1 Time(s)
[truncated]
Unknown hosts:
dev.null.: 8 Time(s)
ms08.hinet.net: 2 Time(s)
sparc20.ee.cycu.e: 2 Time(s)
yahoo.comtw: 2 Time(s)
.: 1 Time(s)
127.0.0.1.prodigy.com.: 1 Time(s)
aacolala.happy.everyday: 1 Time(s)
bbs.ee.ncu.edu.t: 1 Time(s)
bbs.nsysu.e: 1 Time(s)
bbs.s: 1 Time(s)
cathlife.com.twhttp: 1 Time(s)
mail.taivs: 1 Time(s)
mcp__exam.com: 1 Time(s)
mediaone.actwin.com.: 1 Time(s)
ms41.hinet: 1 Time(s)
ms49.url.com: 1 Time(s)
ms52.url: 1 Time(s)
msa.inet.net: 1 Time(s)
mse.he.net: 1 Time(s)
news.cwix.com: 1 Time(s)
odell.tp.silkera.net: 1 Time(s)
redbbs.cc.ntut.edu.t: 1 Time(s)
sanyo.com.t: 1 Time(s)
shaparak.net: 1 Time(s)
sinamali.com: 1 Time(s)
tainan.dorm10.nctu: 1 Time(s)
this.domain.is.not.used.for.email.: 1 Time(s)
tm.net.com: 1 Time(s)
tungkwang.pine.ncu.e: 1 Time(s)
tw.arthurandersen.com: 1 Time(s)
u2.wownet.net: 1 Time(s)
ufo.ufo.net: 1 Time(s)
ukypy.com: 1 Time(s)
usenet-rulez.net: 1 Time(s)
viking.cris.com: 1 Time(s)
vinyltap.demon: 1 Time(s)
vlsi1.i: 1 Time(s)
vlsi1.iie: 1 Time(s)
vlsi1.iie.ncku.edu.t: 1 Time(s)
vm.ucs.ual: 1 Time(s)
wareyi.net: 1 Time(s)
www.cn.nctu: 1 Time(s)
xxtra.big.com: 1 Time(s)
yahoo.com.twltw: 1 Time(s)
ynisu.net: 1 Time(s)
your.email.address: 1 Time(s)
Total: 56
More information about the users
mailing list