{R}
Posted October 13, 2004

Apparently my shortly to be commissioned DNS server 217.169.24.83, which doesn't have rDNS working yet, is spamming. See below. Now there is no SMTP server on this Win2K box, and BIND is playing up too, but that is a different story. So can someone please explain how I got reported? I don't mind at all, as I have no intention of running an SMTP server on that IP.

{R}

[ SpamCop V1.379 ]
This message is brief for your comfort. Please use links below for details.

Email from 217.169.24.83 / Wed, 13 Oct 2004 23:39:29 +0300 (EAT)
http://www.spamcop.net/w3m?i=z1264389395za...8b8cc502edbfcfz

[ Offending message ]
Received: from standardlife.ca ([217.169.24.83])
    by mailexch-inalt.unon.org (8.13.1/8.13.1) with SMTP id i9DKdFJL009451
    for <x>; Wed, 13 Oct 2004 23:39:29 +0300 (EAT)
Message-ID: <04de______________________e0db[at]standardlife.ca>
From: "Trisha Hutchins" <t.hutchins_gz[at]cicely5.cicely.de>
To: x
Subject: [spam]
Date: Thu, 14 Oct 2004 18:52:19 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Received-SPF: softfail (mailexch-inalt.unon.org: transitioning domain of cicely5.cicely.de does not designate 217.169.24.83 as permitted sender) client-ip=217.169.24.83; envelope-from=t.hutchins_gz[at]cicely5.cicely.de; helo=standardlife.ca;
X-Miltered: at prtsvr-x with ID 416D9273.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)!
X-Brightmail-Tracker: AAAAAwEjor4BIRIKASdFng==

{spam snipped}

Merlyn
Posted October 13, 2004

There is a problem with that machine; it probably has some kind of worm or it has been hacked. You don't have to be running an SMTP server to send spam; it is built into many worms.

CBL
The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=217.169.24.83

XBL
Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4
http://www.spamhaus.org/query/bl?ip=217.169.24.83

SPAMCOP
SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2
Blocked - see http://www.spamcop.net/bl.shtml?217.169.24.83

DNSBLUCEPN
External Block List - UCEPROTECT®-Network Project: ucepn.dnsbl.net.au -> 127.0.0.2
PLEASE SEE http://www.uceprotect.net/
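
Added example, not part of any post in this thread: how the blocklist lookups quoted above work. The connecting IP is read from the bracketed address in the Received line, its octets are reversed and prepended to each zone, and an A-record answer inside 127.0.0.0/8 means "listed". The function names and the injectable resolve parameter are assumptions made for this example.

```python
import ipaddress
import re
import socket

# DNSBL zones quoted in the post above.
ZONES = ["cbl.abuseat.org", "xbl.spamhaus.org", "bl.spamcop.net", "ucepn.dnsbl.net.au"]

# Sample input: the Received line from the report at the top of the thread.
RECEIVED = ("Received: from standardlife.ca ([217.169.24.83]) by "
            "mailexch-inalt.unon.org (8.13.1/8.13.1) with SMTP id i9DKdFJL009451")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def connecting_ip(received):
    """Return the bracketed IPv4 address the receiving MTA recorded for its peer."""
    m = re.search(r"\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", received)
    if not m:
        raise ValueError("no bracketed client address in Received header")
    return str(ipaddress.IPv4Address(m.group(1)))  # rejects octets above 255


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup via the OS resolver; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN and lookup failures both land here
        return None


def check(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to its return code, or None when the IP is not listed."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Only answers in 127.0.0.0/8 count; anything else is a resolver artefact.
        listed = answer is not None and ipaddress.ip_address(answer) in LOOPBACK
        results[zone] = answer if listed else None
    return results


if __name__ == "__main__":
    for zone, code in check(connecting_ip(RECEIVED)).items():
        print(f"{zone:22} {code or 'not listed'}")
```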

Chris Parker
Posted October 14, 2004

It looks like it's been compromised...

Sample: Google is your friend

StevenUnderwood
Posted October 14, 2004

What a small world.... The posting that was found by that search is a person I regularly read on the comp.os.vms newsgroups many moons ago.

Merlyn
Posted October 14, 2004

Looks like as of yesterday:

2004/Oct/13 22:49:59 UTC (view message) socks4
2004/Oct/13 22:50:00 UTC (view message) http-connect

2 open proxies on it.