Security Incidents mailing list archives
Re: what is this?
From: "Matthew S. Hallacy" <mhallacy () MERCURY XTRATYME COM>
Date: Fri, 18 Aug 2000 16:12:37 -0500
This is odd, we had a customer who also uses aol forward us some spam that was send to a lot of email addresses beginning with 'z', (his began with a z also) it appears that spammers are picking random addresses that start with a letter of the alphabet and spamming commonly picked addresses. Perhaps they were trying to relay through your system, or the spammer is on your system =) On Fri, 11 Aug 2000, Sami Haahtinen wrote:
Check your system, can anyone relay trough it. also check your mail-queue, it usually is a positive sign of an known open relay if it's full of mail not sent by your system or authorized systems. also check if you are listed at orbs or other systems like that. i would suspect an open relay from these messages... (well not if you have sent those mails to all of those aol.com addresses.) Regards, Sami Haahtinen C wrote:Hi, Last night my logcheckd come up with the following: Active System Attack Alerts =-=-=-=-=-=-=-=-=-=-=-=-=-= Aug 9 18:27:07 main sendmail[20202]:SAA20194: to=<ztattack11 () aol com>,<zpb316 () aol com>,<zotzum () aol com>,<zosom0 () aol com>,<zipper032563 () aol com>,<zion808 () aol com>,<zigmo123 () aol com>,<ziggy3131 () aol com>,<zi69 () aol com>,<zerogoals () aol com>, delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=my.isp.ro. [xxx.xxx.xxx.xxx], stat=Sent (ok 965834789 qp 24507 accepted for delivery to /dev/null. Thank you.) Aug 9 18:27:07 main sendmail[20202]: SAA20194: to=<ztattack11 () aol com>,<zpb316 () aol com>,<zotzum () aol com>,<zosom0 () aol com>,<zipper032563 () aol com>,<zion808 () aol com>,<zigmo123 () aol com>,<ziggy3131 () aol com>,<zi69 () aol com>,<zerogoals () aol com>, delay=00:00:06, xdelay=00:00:00, mailer=relay, relay=my.isp.ro. [xxx.xxx.xxx.xxx], stat=Sent (ok 965834789 qp 24507 accepted for delivery to /dev/null. Thank you.) Please, I want your comments. Thank you!-- If all else Fails, Read the manual... || Sami Haahtinen || ATK-Antti Oy || Sami.Haahtinen () atk-antti com ||
Current thread:
- what is this? C (Aug 10)
- Re: what is this? Sami Haahtinen (Aug 13)
- Re: what is this? Matthew S. Hallacy (Aug 18)
- Re: what is this? Sami Haahtinen (Aug 13)