On Sat, 2005-03-12 at 09:51 +0000, Bob Brennan wrote: > Here is a truncated logwatch indicating more than 1000 spams sent but > seemingly a lot more denied, and most if not all bounced. I have > truncated the "Relaying denied" list because it ran into pages. There > are continuing attempts to relay through my server, every few minutes, > all denied now. Hopefully the bast**ds will give up and move on > soon... > > --------------------- sendmail Begin ------------------------ > > Bytes Transferred: 12332471 > Messages Sent: 1010 > Total recipients: 13027 > > 271 messages returned after 4 hours > > 1255 User Unknown notifications > > Top relays (recipients/connections - min 10 rcpts, max 50 lines): > 2441/125: 219-81-152-11.static.tfn.net.tw [219.81.152.11] > 1250/74: 61-31-142-15.dynamic.tfn.net.tw [61.31.142.15] > 1200/78: 219-81-147-236.static.tfn.net.tw [219.81.147.236] > 1020/102: 61-31-132-192.dynamic.tfn.net.tw [61.31.132.192] > 900/90: 219-81-152-68.static.tfn.net.tw [219.81.152.68] > 691/35: 219-81-148-55.static.tfn.net.tw [219.81.148.55] > 600/30: 61-31-138-36.dynamic.tfn.net.tw [61.31.138.36] > 540/54: 61-31-135-89.dynamic.tfn.net.tw [61.31.135.89] > 480/36: 61-31-134-142.dynamic.tfn.net.tw [61.31.134.142] > 473/48: 61-31-141-57.dynamic.tfn.net.tw [61.31.141.57] > 360/24: 219-81-146-75.static.tfn.net.tw [219.81.146.75] > 360/36: 219-81-147-234.static.tfn.net.tw [219.81.147.234] > 360/36: 61-31-143-231.dynamic.tfn.net.tw [61.31.143.231] > 301/25: 61-31-134-51.dynamic.tfn.net.tw [61.31.134.51] > 270/27: 219-81-152-242.static.tfn.net.tw [219.81.152.242] > 250/25: 61-31-143-110.dynamic.tfn.net.tw [61.31.143.110] > 240/12: 219-81-146-16.static.tfn.net.tw [219.81.146.16] > 240/18: 61-31-143-233.dynamic.tfn.net.tw [61.31.143.233] > 225/23: 219-81-152-9.static.tfn.net.tw [219.81.152.9] > 180/9: 61-31-141-122.dynamic.tfn.net.tw [61.31.141.122] > 180/18: 61-31-130-73.dynamic.tfn.net.tw [61.31.130.73] > 120/12: 61-31-135-224.dynamic.tfn.net.tw [61.31.135.224] > 120/12: 219-81-148-189.static.tfn.net.tw [219.81.148.189] > 120/12: 61-31-129-123.dynamic.tfn.net.tw [61.31.129.123] > 60/3: 61-31-137-64.dynamic.tfn.net.tw [61.31.137.64] > 10/10: lon1-probe-1-0.mail.omr-demon.co.uk [193.195.24.130] > > > Relaying denied: > From www.abuse.net [208.31.42.77] to securitytest@xxxxxxxxx: 4 Time(s) > From www.abuse.net [208.31.42.77] to user-49733@xxxxxxxxxxxx: 4 Time(s) These top two are the abuse.net relay tester. Probably being used by someone that received some of the spam your machine relayed yesterday. > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > 118917086@xxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > 3zt5@xxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > boucy@xxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > ho@xxxxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > jacky.howard@xxxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > jshad@xxxxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > mxw0823@xxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > sammicheng99@xxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > simulation@xxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > v17582001@xxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > vbs@xxxxxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > wong2000@xxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > yaku@xxxxxxxxxxxxx: 1 Time(s) > From 219-81-145-182.static.tfn.net.tw [219.81.145.182] to > ynya@xxxxxxxxxx: 1 Time(s) > From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to > ansheng1@xxxxxxxxxxx: 1 Time(s) > From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to > bluelans@xxxxxxxxxxxxxx: 1 Time(s) > From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to > chairman@xxxxxxxxxxxxxxxxx: 1 Time(s) > From 219-81-146-16.static.tfn.net.tw [219.81.146.16] to > freebienewsletter-subscribe@xxxxxxxxxxx: 1 Time(s) I wouldn't be surprised if the rest are zombied Windows boxes. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
