Dealing with open relay spam / hack attempts?

Printable View

February 1st, 2002, 03:15 PM
wct097

Dealing with open relay spam / hack attempts?

Seems my mail server was acting in open relay mode. I fixed it, and deleted all the junk mail that had been forced into our system.

Today, another message was held in the system because it was a relay message which I am now not allowing. I forced this message to go into my inbox rather than the email address it was intended to be relayed to. Upon opening it, I see that it is an advertisement for a weight loss pill. Well, checking my router and firewall logs, I see it appears to have come from a certain IP addy that traces back to Rome, Italy. The business mentioned in the email is from Dayton, Oh. Upon further examination, the email has two recieve headers, one pointing to Rome Italy, the other pointing to an ISP in Dayton, OH. I am assuming that the origin was Dayton OH with a spoofed IP tracing back to Rome Italy.

What do I do? Call up this business and curse them? Call their ISP (Qwest) and get mad? Call our lawyers and sic them on this Dayton OH business? Call the police?

Thanks,
February 1st, 2002, 03:30 PM
gold eagle

Er, well hang on a bit. I got a similar situation with email open relay being open. try this site for more info before doing too much.
http://ORDB.org/faq

hope this helps you some.
February 1st, 2002, 04:23 PM
wct097

ORDB.org was who clued me in on my open relay...

...so I've already checked them out, fixed my prob, and got off their blacklist.

What I have is a company who tried to bounce spam off my system, but didn't succeed since it's no longer an open relay.

I have the company name, address, phone number, ISP, offending IP addy, and router & firewall logs showing a spoofed IP that is shown on the same email that the company's IP is on.

What do I do?
February 1st, 2002, 04:41 PM
gold eagle

well you have several courses of action. First consult the policy of your company, and if there is any action specified there. You can block their ip or have your isp do it. you can (and probably should) contact their isp.

It ispossible they are being used to send this spam unawares. I would refrain from threats to them as a legal precaution, but you can contact them directly to discuss the matter.

I hope this helps. good luck. :)
February 1st, 2002, 05:12 PM
I am a cracker

Quote:

The business mentioned in the email is from Dayton, Oh. Upon further examination, the email has two recieve headers, one pointing to Rome Italy, the other pointing to an ISP in Dayton, OH. I am assuming that the origin was Dayton OH with a spoofed IP tracing back to Rome Italy.

What do I do? Call up this business and curse them? Call their ISP (Qwest) and get mad? Call our lawyers and sic them on this Dayton OH business? Call the police?

Everyone stay away from this dude see what happens when you do drugs? You become mentally unstable. Call the police man you better tighten up and fly right. Of that little b.s. Dude All I can say is WELCOME TO THE INTERNET! SOMEONE IS SPAMMING PRETTY GOOD! :firedevil :fart: :hiphop: :killcompu :xbones: :lildevil:
February 1st, 2002, 06:41 PM
wct097

Quote:

Originally posted by I am a crack baby
Everyone stay away from this dude see what happens when you do drugs? You become mentally unstable. Call the police man you better tighten up and fly right. Of that little b.s. Dude All I can say is WELCOME TO THE INTERNET! SOMEONE IS SPAMMING PRETTY GOOD!

Let me see if I can decipher some of this lame post.

I'm mentally unstable and do drugs, eh?

I asked a serious question here. Obviously I'm not calling the police. It's not that big of a deal. I'm just wondering what others in my position would do. If I asked what a stoner/high-school dropout/wanna-be hacker would think......then I would expect a response like yours. Do yourself a favor. Go back to 5th grade and start learning the English language.