Re: what's wrong with my sendmail?


Subject: Re: what's wrong with my sendmail?
From: W.D. McKinney (deem@wdm.com)
Date: Thu Nov 13 2003 - 12:33:59 AKST


On Thu, 2003-11-13 at 12:03, Justin Dieters wrote:
> Yes, but obviously, my domain isn't bigfoot.com, it's enderak.com.
>
> Justin
>

I have past problems with GCI sys admin's not understanding how SMTP
works and the server is the offending issue, not the user in some
instances.

After reporting to security@gci.net on numerous occasions and no action
I finally added the GCI IP to our rblsmtpd list. That stopped it.

As GCI strives to provide good service, size of GCI.NET and sheer volume
diminishes attention. If you want tailored service find a company to
commensurate.

Best Wishes

>
> W.D. McKinney wrote:
> > On Thu, 2003-11-13 at 10:41, Justin Dieters wrote:
> >
> >>Okay, I talked to GCI, and they are saying it's not an open relay, but the messages were coming directly from my network. I don't have any Windows machines, just an iMac and a couple Linux boxes. Do you think it might be a compromised box? Here's what GCI sent me:
> >>
> >>Received: from mail2.bigfoot.com (79-2-237-24.gci.net [24.237.2.79])
> >> by mmp-2.gci.net
> >> (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id
> >> <0HO900B5ZC768J@mmp-2.gci.net>; Wed, 12 Nov 2003 12:12:01 -0900 (AKST)
> >>Date: Wed, 12 Nov 2003 12:11:58 -0900 (AKST)
> >>Date-warning: Date header was inserted by mmp-2.gci.net
> >>From: Angella <kksrf@bigfoot.de>
> >>Subject: it will help
> >>To: "lmwopcm@yahoo.com" <lmwopcm@yahoo.com>
> >>Message-id: <0HO900B61C768J@mmp-2.gci.net>
> >>MIME-version: 1.0
> >>Content-type: text/html
> >>Content-transfer-encoding: 7BIT
> >>
> >
> >
> > So is your connection 24.237.2.79 ? The million $ question.
> >
> > Dee
> >
> >
> >
> >
> >
> >><html>
> >><body>
> >><br>
> >>C<!--bnF-->ya<!--bnF-->lus is now available to consumers.<br>
> >>Cy<!--bnF-->alus is sup<!--bnF-->erior to Vi<!--bnF-->agr<!--bnF-->a.<br>
> >>Cyal<!--bnF-->us is super<!--bnF-->ior because:<br>
> >>It acts faster (within 30 minutes).<br>
> >>It lasts much longer (up to 36 hours).<br>
> >>It has far fewer Side effects.<br>
> >>We offer:<br>
> >>Low manufacturer direct pr<!--bnF-->icing.<br>
> >>Private de<!--bnF-->livery to your home.<br>
> >>No Doctor's Con<!--bnF-->sutation required.<br>
> >>100% Mon<!--bnF-->ey Back Guar<!--bnF-->antee.<br>
> >><a href="http://www.med32zd.com/">Why pay twice as much when<BR>
> >>Cyal<!--bnF-->us is a far superior pro<!--bnF-->duct<BR> and is only a
> >>cli<!--bnF-->ck away?</a><br><BR>
> >><br>
> >></body>
> >></html>
> >>
> >>B
> >>
> >>
> >>
> >>
> >>
> >>
> >>>Post the headers that GCI says is evidence that your server was an
> >>>openrelay so we can check it out. It may be that a junior admin
> >>>at GCI was a
> >>>little hasty in jumping to the conclusion that you were open, or
> >>>it may be
> >>>that you were actually open.
> >>>
> >>>Mike
> >>>
> >>>---------
> >>>To unsubscribe, send email to <aklug-request@aklug.org>
> >>>with 'unsubscribe' in the message body.
> >>>
> >>>
> >>
> >>---------
> >>To unsubscribe, send email to <aklug-request@aklug.org>
> >>with 'unsubscribe' in the message body.
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.

-- 
W.D.McKinney (Dee)	    | Affordable E-Mail and Internet Solutions
Alaska Wireless Systems	    | for Schools, Libraries, Clinics & Businesses
http://www.akwireless.net   | Call 1-907-349-4308	

--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Thu Nov 13 2003 - 12:30:17 AKST