[Intrusions] Strange observation with spamming

Michael Dwyer mdwyer at timestreamtech.com
Fri Feb 11 15:03:53 GMT 2005


Michael Schwartzkopff wrote:
> Feb  3 09:52:56 mail postfix/smtpd[24063]: 7D60B9096B: reject: RCPT from
> p549A33B4.dip.t-dialin.net[84.154.51.180]: 554 <XXX at gmx.de>: Relay access
> denied; from=<YYY at mycompany> to=<XXX at gmx.de> proto=SMTP helo=<biebl.org>
> 
> Any idea why the spammer / zombie tried to send out via our mail server?
> Any idea why the spammer uses the name of our employee several times, besides
> that he is dedicated in fighting spam in the ISOC?
> Is there any spamware known with this behaviour?

I imagine he was testing the idea that some people limit relaying by
From address, instead of by IP address.  If you did this, once he
had identified a valid e-mail address, he could use your site as an
unsecured relay.
It appears that you are doing the Right Thing, though.
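
Added example, not part of the original post: a Python sketch that scans Postfix smtpd log lines for rejected relay attempts in which a client outside the trusted networks claimed a sender address in a local domain, and counts repeats per client and sender. `LOCAL_DOMAINS`, `TRUSTED_NETS` and the sample log lines are constructed assumptions, not values from the thread.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: domains this server hosts, and the networks it trusts to relay
# (the role Postfix's mynetworks plays). Replace with your own values.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("192.0.2.0/24")]

# Matches Postfix smtpd "Relay access denied" rejects, with a queue id or NOQUEUE.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?:\w+: )?reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) .*?Relay access denied; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def spoofed_relay_probes(lines):
    """Count rejected relay attempts per (client IP, claimed sender) where an
    untrusted client used a sender address in one of our own domains."""
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        domain = m["sender"].rpartition("@")[2].lower()
        if domain in LOCAL_DOMAINS and not any(ip in net for net in TRUSTED_NETS):
            hits[(str(ip), m["sender"].lower())] += 1
    return hits

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    "Feb  3 09:52:56 mail postfix/smtpd[24063]: 7D60B9096B: reject: RCPT from host1.example.net[198.51.100.23]: 554 <victim@example.org>: Relay access denied; from=<alice@example.com> to=<victim@example.org> proto=SMTP helo=<mail.example.net>",
    "Feb  3 09:53:10 mail postfix/smtpd[24063]: 8A11C9096C: reject: RCPT from host1.example.net[198.51.100.23]: 554 <other@example.org>: Relay access denied; from=<alice@example.com> to=<other@example.org> proto=SMTP helo=<mail.example.net>",
    "Feb  3 09:54:02 mail postfix/smtpd[24070]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <x@example.org>: Relay access denied; from=<bob@example.org> to=<x@example.org> proto=ESMTP helo=<foo>",
    "Feb  3 09:54:30 mail postfix/smtpd[24070]: connect from unknown[203.0.113.9]",
]

if __name__ == "__main__":
    for (ip, sender), n in spoofed_relay_probes(SAMPLE_LOG).items():
        print(f"{ip} claimed {sender} in {n} rejected relay attempt(s)")
```
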

