Re: MTA listed as a SPAMMER by spamcop.net


Subject: Re: MTA listed as a SPAMMER by spamcop.net
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Thu Aug 22 2002 - 10:53:02 AKDT


On Wed, 21 Aug 2002, Greg Jetter wrote:

> Hey folks, this was interesting. This morning a friend asked me to relay an
> e-mail to another friend because it was being bounced; turns out it was
> bounced because the final destination machine was listed as a spam machine
> with spamcop.net. Funny thing is it's the mail server for MTA!
>
> So if you're a customer and been having problems with bounced mail, this may be
> your problem. Take a look for yourself:
>  http://spamcop.net/bl.shtml?12.6.42.4

Unless Spamcop is modifying the headers in the example spam messages that
they show came from goliath.mtaonline.net, Goliath is the SOURCE of the spam,
not an open relay. It's noteworthy that in those examples the first
received line (which doesn't appear to be forged) shows Goliath's sendmail
accepted the messages for delivery from "nobody@localhost". This would be
consistent with the use of formmail.pl on Goliath (a horribly insecure
form-to-email Perl script--this month alone I've had 117 probes for it on
just one server). The alternative is that someone with shell access may
be sending out the spam, but I think that would be unlikely.

Mike

-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician     Consortium Library         (907) 786-6050 fax
tibor@lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
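
Added example, not part of the original message: a Python sketch of the header check described above, which reads the listed host's own Received stamp to tell local submission (sendmail's "(from user@localhost)" form) from SMTP relaying. The sample messages, the peer and recipient hosts, queue ids, addresses and the list of web-server account names are all constructed assumptions.

```python
import re
from email import message_from_string

# Sendmail stamps locally submitted mail "(from user@localhost) by host";
# mail accepted over SMTP is stamped "from peer (...) by host".
LOCAL = re.compile(r"^\(from\s+(?P<user>[^@\s]+)@localhost\)\s+by\s+(?P<by>\S+)", re.I)
SMTP = re.compile(r"^from\s+(?P<peer>\S+).*?\sby\s+(?P<by>\S+)", re.I)
WEB_USERS = {"nobody", "www", "www-data", "apache", "httpd"}  # assumed account names

def classify_origin(raw, listed_host):
    """Classify the listed host's own Received stamp, reading newest hop first.

    Stamps below that hop were supplied by whoever handed over the message
    and are ignored, since they can be forged.
    """
    for hop in message_from_string(raw).get_all("Received", []):
        text = " ".join(hop.split())  # unfold continuation lines
        for kind, rx in (("source", LOCAL), ("relay", SMTP)):
            m = rx.match(text)
            if m and m["by"].rstrip(";").lower() == listed_host.lower():
                who = m["user"] if kind == "source" else m["peer"]
                web = kind == "source" and who.lower() in WEB_USERS
                return {"verdict": kind, "from": who, "web_account": web}
    return {"verdict": "unknown", "from": None, "web_account": False}

# Constructed samples: every host except the listed one, plus ids and IPs, is made up.
TOP = ("Received: from goliath.mtaonline.net (goliath.mtaonline.net [192.0.2.10])\n"
       "\tby mx.recipient.example with ESMTP id CONSTRUCTED1;\n"
       "\tWed, 21 Aug 2002 08:00:05 -0800\n")
TAIL = "From: sender@example.com\nSubject: constructed sample\n\nbody\n"
LOCAL_SAMPLE = TOP + ("Received: (from nobody@localhost)\n"
                      "\tby goliath.mtaonline.net id CONSTRUCTED2;\n"
                      "\tWed, 21 Aug 2002 08:00:01 -0800\n") + TAIL
RELAY_SAMPLE = TOP + ("Received: from peer.example (peer.example [192.0.2.77])\n"
                      "\tby goliath.mtaonline.net with SMTP id CONSTRUCTED3;\n"
                      "\tWed, 21 Aug 2002 08:00:01 -0800\n"
                      "Received: (from nobody@localhost) by goliath.mtaonline.net id FORGED;\n"
                      "\tWed, 21 Aug 2002 07:59:00 -0800\n") + TAIL

if __name__ == "__main__":
    for name, raw in (("local", LOCAL_SAMPLE), ("relay", RELAY_SAMPLE)):
        print(name, classify_origin(raw, "goliath.mtaonline.net"))
```

A "source" verdict with a web-server account points at a script on the host itself; a "relay" verdict only reports the peer name as stamped by the listed host.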




This archive was generated by hypermail 2a23 : Thu Aug 22 2002 - 10:53:04 AKDT