[Dshield] Persistent open relay scan...
yves.lacroix at meg.fr
Fri Jul 19 09:39:42 GMT 2002
We used to have a sendmail on wich we also had spam problems!
Here is a script we used to purge the sendmail queue of unwanted messages.
Just type in the identification string of the mails you want deleted when
I know this one is not perfect as it deletes mail actually processed by the
sendmail daemon but I presume someone has an idea of how to solve this. We
processed by using the script and afterwards another one to delete empty
files or when possible killing the sendmail daemon, running the script and
Hope this helps
echo SPAMs suppress
echo -n Enter identification string:
if [ $ID ]
echo empty string !
ls > /tmp/spam.lst
while read FICHIER
check=`grep -i $ID /var/spool/mqueue/$FICHIER`
if [ ! "$check" ]
echo $File is OK
echo $File is not a spam keep it >> /tmp/nospam.lst
echo $File is a spam kill it >> /tmp/spamok.lst
echo $File is a SPAM
# echo $FICHIER
done < /tmp/spam.lst
echo That is fini !
> Message: 6
> From: "Jens Knoell" <jens at ing.twinwave.net>
> To: <list at dshield.org>
> Date: Thu, 18 Jul 2002 03:00:07 -0600
> Subject: [Dshield] Persistent open relay scan...
> Reply-To: list at dshield.org
> Does anyone know what generates mails like this:
> ----<Start of curious mail>----
> Return-Path: <?g>
> Received: from p5080fa84.dip.t-dialin.net (p5080FA84.dip.t-dialin.net
> by vega.ing.twinwave.net (8.11.0/8.11.0) with SMTP id g6I8M4Z24746
> for <vega.ing.twinwave.net at p5080fa84.dip.t-dialin.net>; Thu, 18
> 2002 10:22:04 +0200
> Date: Thu, 18 Jul 2002 10:22:04 +0200
> From: 220.127.116.11 at p5080fa84.dip.t-dialin.net
> Message-Id: <200207180822.g6I8M4Z24746 at vega.ing.twinwave.net>
> Subject: Do not delete this mail
> vega.ing.twinwave.net and [18.104.22.168] invite you to a open mailrelay
> ----<End of curious mail>----
> The mentioned server is mine, and it properly rejects the mail(s). I've
> like 10.000 of them in my mail spool right now, and I'd like to know if
> anyone knows the used program.
> Another question: Does anyone know of a good way to purge the (sendmail)
> mailspool from that crap? I can't purge by sender/recipient, but the
> as well as the body (see above) are always identical. Just how to kill the
> unwanted spool files?
> I do know that I lately pissed a few spammers off royally (including death
> threats and other funnies), so I am not surprised.
> Thanks in advance
> Dshield mailing list
> Dshield at dshield.org
> End of Dshield Digest
More information about the list