doram Posted November 10, 2004 Posted November 10, 2004 I had put a test email server online for approximately 2 days and I found that I forgot to disallow relaying so you know what happened. But when I wwent through the logs for my mail server I found a server that had sent an email back to itself relayed through my mail server and thats when the floodgates opened. Now without going through too many details upfront I was wondering if anyone had some advice on reporting this mail server that started the relay off of my server?
Wazoo Posted November 10, 2004 Posted November 10, 2004 If you've got the IP of the alleged bad server that started the mess, then you'd want to track down who's in charge of that server, possibly their upstream, and go with that. This answer is so easy, there must be something that I'm missing in your question. Maybe it's that you're asking how to use the SpamCop tool set for reporting, which would be answered with that this is not what SpamCop does.
doram Posted November 10, 2004 Author Posted November 10, 2004 I do have the IP address. I guess what I was wondering is not so much should I report this person but I found that in my logs I found what almost appears to be a series of emails forwarded to different mail accounts which in turn started to use the server as a relay. So I guess I was tring to point out is I have almost like a trail of someone finding the open relay and then forwarding the info to another account and it using my mail server etc... is this type of info usefull for anyone.
Jeff G. Posted November 10, 2004 Posted November 10, 2004 If they are in the US, please contact your local FBI field office - you appear to have the makings of a RICO case.
doram Posted November 10, 2004 Author Posted November 10, 2004 I can do better than that for you. Here is the info I have so far. Message 00470937 transferred to mail.99PEAK.COM for business[at]99peak.com from business[at]99peak.com Size: 4K via SMTP. Now it appears it has a link on this website to show you how to use a mass mailer which I have provided the web address here. Please check out and make up your own mind about this. http://99peak.com/iplist.htm let me know if you think you may have any solutions to this. Oh sorry forgot to mention this web site is from china but it will still be viewable for the most part even if you don't install the language pack.
Merlyn Posted November 10, 2004 Posted November 10, 2004 Registrant: robowang 12Fl.-7, No. 399, Liming E. St., Nantuen Chiu, Taichung, Taiwan 408, R.O.C. Taichung, Taiwan 408 TW Domain name: 99PEAK.COM Administrative Contact: Wang, Chia-Lin robowang[at]tcts.seed.net.tw 12Fl.-7, No. 399, Liming E. St., Nantuen Chiu, Taichung, Taiwan 408, R.O.C. Taichung, Taiwan 408 TW 886-939313233 Technical Contact: Hostmaster, Ampira dns_tech[at]ampira.com 500 7th Avenue 15th Floor '' New York, NY 10018 US 212 706 3000 Fax: 212 706 3100 Check out http://groups.google.com/groups?q=212-706-...e=off&scoring=d Makes for some good late night reading!
doram Posted November 10, 2004 Author Posted November 10, 2004 That is interesting. Too bad there wasn't some way we could turn this back against them and overrun there servers
Recommended Posts
Archived
This topic is now archived and is closed to further replies.