{R} Posted October 13, 2004

Apparently my shortly to be commissioned DNS server 217.169.24.83, which doesn't have an rDNS working yet, is spamming. See below. Now there is no SMTP server on this Win2K box, and BIND is playing up too, but that is a different story. So can someone please explain how I got reported? I don't mind at all, as I have no intention of running an SMTP server on that IP.

{R}

[ SpamCop V1.379 ]
This message is brief for your comfort. Please use links below for details.

Email from 217.169.24.83 / Wed, 13 Oct 2004 23:39:29 +0300 (EAT)
http://www.spamcop.net/w3m?i=z1264389395za...8b8cc502edbfcfz

[ Offending message ]
Received: from standardlife.ca ([217.169.24.83])
    by mailexch-inalt.unon.org (8.13.1/8.13.1) with SMTP id i9DKdFJL009451
    for <x>; Wed, 13 Oct 2004 23:39:29 +0300 (EAT)
Message-ID: <04de______________________e0db[at]standardlife.ca>
From: "Trisha Hutchins" <t.hutchins_gz[at]cicely5.cicely.de>
To: x
Subject: [spam]
Date: Thu, 14 Oct 2004 18:52:19 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Received-SPF: softfail (mailexch-inalt.unon.org: transitioning domain of cicely5.cicely.de does not designate 217.169.24.83 as permitted sender) client-ip=217.169.24.83; envelope-from=t.hutchins_gz[at]cicely5.cicely.de; helo=standardlife.ca;
X-Miltered: at prtsvr-x with ID 416D9273.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)!
X-Brightmail-Tracker: AAAAAwEjor4BIRIKASdFng==

{spam snipped}
Merlyn Posted October 13, 2004

There is a problem with that machine; it probably has some kind of worm or it has been hacked. You don't have to be running an SMTP server to send spam; it is built into many worms.

CBL
The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=217.169.24.83
--------------------------------------------------------------------------------
XBL
Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4
http://www.spamhaus.org/query/bl?ip=217.169.24.83
--------------------------------------------------------------------------------
SPAMCOP
SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2
Blocked - see http://www.spamcop.net/bl.shtml?217.169.24.83
--------------------------------------------------------------------------------
DNSBLUCEPN
External Block List - UCEPROTECT®-Network Project: ucepn.dnsbl.net.au -> 127.0.0.2
PLEASE SEE http://www.uceprotect.net/
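The lookups behind the listing results quoted in the post above, as an added example that is not part of the original thread: a DNSBL query reverses the IPv4 octets, appends the list's zone, and treats a 127.0.0.x answer as a listing. The `resolve` parameter, the stub resolver and the handling of 127.255.255.x as a query-error range are assumptions of this example.

```python
import ipaddress
import re
import socket

# Zones quoted in the post above.
ZONES = ("cbl.abuseat.org", "xbl.spamhaus.org", "bl.spamcop.net")
LISTED = ipaddress.ip_network("127.0.0.0/8")
# Assumption: 127.255.255.x is a query-error range (Spamhaus convention), not a listing.
QUERY_ERROR = ipaddress.ip_network("127.255.255.0/24")

def client_ip_from_received(header):
    """Return the bracketed peer IP the receiving MTA wrote into a Received: line."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
    if m is None:
        raise ValueError("no bracketed IPv4 address in header")
    return str(ipaddress.IPv4Address(m.group(1)))

def dnsbl_name(ip, zone):
    """217.169.24.83 + cbl.abuseat.org -> 83.24.169.217.cbl.abuseat.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Map each zone to its return code, or None when the IP is not listed."""
    results = {}
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(dnsbl_name(ip, zone)))
        except socket.gaierror:  # NXDOMAIN: no record, so not listed
            results[zone] = None
            continue
        # An answer outside 127/8 means a wildcarding or hijacked resolver.
        listed = answer in LISTED and answer not in QUERY_ERROR
        results[zone] = str(answer) if listed else None
    return results

if __name__ == "__main__":
    # Received: line from the report in this thread; answers replayed from the
    # post above through a stub resolver (constructed, so this runs offline).
    received = "Received: from standardlife.ca ([217.169.24.83]) by mailexch-inalt.unon.org"
    replay = {"83.24.169.217.cbl.abuseat.org": "127.0.0.2",
              "83.24.169.217.xbl.spamhaus.org": "127.0.0.4",
              "83.24.169.217.bl.spamcop.net": "127.0.0.2"}
    def stub(name):
        if name not in replay:
            raise socket.gaierror("NXDOMAIN")
        return replay[name]
    for zone, code in check(client_ip_from_received(received), resolve=stub).items():
        print(zone, "->", code or "not listed")
```

Calling `check()` without `resolve` queries the lists through the system resolver; the IP that matters is the bracketed one the receiving server recorded, since the HELO name and From address are supplied by the sender.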
Chris Parker Posted October 14, 2004

It looks like it's been compromised...

Sample: Google is your friend
StevenUnderwood Posted October 14, 2004

What a small world.... The posting that was found by that search is a person I regularly read on the comp.os.vms newsgroups many moons ago.
Merlyn Posted October 14, 2004

Looks like as of yesterday:

2004/Oct/13 22:49:59 UTC (view message) socks4
2004/Oct/13 22:50:00 UTC (view message) http-connect

2 open proxies on it.