Author: Daniel
Date:
To: exim-users
Subject: [exim] Am I an open relay or aren't I?
I have two mail servers. The primary is here in our office, the
secondary in our NOC just in case our primary pipe goes down. The
thing is, even if the primary is up and working, the secondary server
gets an awful lot of mail -- nearly all of it spam as best I can tell.
Most of it, if it's to an existing user, is accepted because we don't
have any anti-spam stuff installed yet, but it's the following log
entries that have me concerned.
Below you'll find what appears to be an attempt by someone in Russia
pretending to be from someone else in Russia sending stuff to users
that don't exist in our system. The secondary server appears to be
bouncing these mails back to the fake sender -- obviously something
Bad, but I'm not sure how to stop it as it all looks legit.
Suggestions?
# grep 1FdnXi-0006bg-Jb mainlog
2006-05-10 12:11:51 1FdnXi-0006bg-Jb <= tfuz@???
H=host79-102.pool8258.interbusiness.it [82.58.102.79] P=smtp S=25748
id=036b01c6741a$a43423d0$aa2ded53@valeriy
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** mail@??? R=dnslookup
T=remote_smtp: SMTP error from remote mail server after RCPT
TO:<mail@???>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown
user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** MYDOMAIN@???
R=dnslookup T=remote_smtp: SMTP error from remote mail server after
RCPT TO:<MYDOMAIN@???>: host cohen.MYDOMAIN.com [MX0-IP]: 550
unknown user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** admin@??? R=dnslookup
T=remote_smtp: SMTP error from remote mail server after RCPT
TO:<admin@???>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown
user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** info@??? R=dnslookup
T=remote_smtp: SMTP error from remote mail server after RCPT
TO:<info@???>: host cohen.MYDOMAIN.com [MX0-IP]: 550 unknown
user
2006-05-10 12:11:52 1FdnXk-0006bo-87 <= <> R=1FdnXi-0006bg-Jb U=mailnull
P=local S=27199
2006-05-10 12:11:52 1FdnXi-0006bg-Jb Completed
# grep 1FdnXk-0006bo-87 mainlog
2006-05-10 12:11:52 1FdnXk-0006bo-87 <= <> R=1FdnXi-0006bg-Jb U=mailnull
P=local S=27199
2006-05-10 12:11:55 1FdnXk-0006bo-87 ** tfuz@??? R=dnslookup
T=remote_smtp: SMTP error from remote mail server after RCPT
TO:<tfuz@???>: host smtp.rbc.ru [80.68.240.83]: 550 <tfuz@???>:
User unknown in relay recipient table
2006-05-10 12:11:55 1FdnXk-0006bo-87 Frozen (delivery error message)
2006-05-10 12:28:42 1FdnXk-0006bo-87 Message is frozen
2006-05-10 12:58:42 1FdnXk-0006bo-87 Message is frozen
2006-05-10 13:29:58 1FdnXk-0006bo-87 Message is frozen
--
I hope that we shall crush in its birth the aristocracy of our moneyed
corporations, which dare already to challenge our government to a trial
of strength, and bid defiance to the laws of our country.
- Thomas Jefferson, 1816
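As an added illustration (not from the original post or from Exim), a small Python detector that correlates mainlog records the way the two greps above do by hand: it pairs each bounce (`<= <>` carrying an `R=` parent id) with the remote-origin message whose recipients the primary refused with 550, which is exactly the backscatter pattern the post describes. The sample log lines, message ids, hosts and addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the post's mainlog lines; ids, hosts and
# addresses are placeholders, not the real ones.
SAMPLE_MAINLOG = """\
2006-05-10 12:11:51 1FdnXi-0006bg-Jb <= spam@example.net H=host.example.it [192.0.2.79] P=smtp S=25748
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** mail@example.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<mail@example.com>: host mx0.example.com [192.0.2.1]: 550 unknown user
2006-05-10 12:11:52 1FdnXi-0006bg-Jb ** info@example.com R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<info@example.com>: host mx0.example.com [192.0.2.1]: 550 unknown user
2006-05-10 12:11:52 1FdnXk-0006bo-87 <= <> R=1FdnXi-0006bg-Jb U=mailnull P=local S=27199
2006-05-10 12:11:52 1FdnXi-0006bg-Jb Completed
2006-05-10 12:11:55 1FdnXk-0006bo-87 ** spam@example.net R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<spam@example.net>: host mx.example.net [192.0.2.83]: 550 User unknown
2006-05-10 12:11:55 1FdnXk-0006bo-87 Frozen (delivery error message)
2006-05-10 12:20:00 1FdnXl-0006bp-99 <= alice@example.org H=mail.example.org [192.0.2.5] P=smtp S=1200
2006-05-10 12:20:01 1FdnXl-0006bp-99 => bob@example.com R=dnslookup T=remote_smtp H=mx0.example.com [192.0.2.1]
2006-05-10 12:20:01 1FdnXl-0006bp-99 Completed
"""

LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<id>\S+) (?P<rest>.*)$")

def parse_mainlog(text):
    """Group records by Exim message id: envelope sender, whether it arrived
    from a remote host (H=), recipients rejected with 550 (** lines), and for
    a bounce (sender <>) the parent message id carried in R=."""
    msgs = defaultdict(lambda: {"sender": None, "remote": False, "failed": [], "parent": None})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec, rest = msgs[m["id"]], m["rest"]
        if rest.startswith("<= "):
            fields = rest[3:].split()
            rec["sender"] = fields[0]
            rec["remote"] = any(f.startswith("H=") for f in fields)
            if rec["sender"] == "<>":
                rec["parent"] = next((f[2:] for f in fields if f.startswith("R=")), None)
        elif rest.startswith("** ") and " 550 " in rest:
            rec["failed"].append(rest[3:].split()[0])
    return msgs

def find_backscatter(msgs):
    """Bounces whose parent came in from a remote host and was then refused
    downstream with 550: mail this MX should have rejected at RCPT time
    instead of accepting it and bouncing to a (likely forged) sender."""
    hits = []
    for mid, rec in msgs.items():
        parent = msgs.get(rec["parent"]) if rec["sender"] == "<>" else None
        if parent and parent["remote"] and parent["failed"]:
            hits.append((mid, rec["parent"], parent["sender"], tuple(parent["failed"])))
    return hits
```

The script only finds the damage after the fact; on the secondary MX itself the cure is to refuse unknown recipients during the SMTP transaction (Exim's recipient callout verification against the primary in the RCPT ACL), so that no bounce message is ever generated.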