Mailing List SIMS@mail.stalker.com Message #15527
From: Clive Bruton <clive@indx.co.uk>
Subject: Spam on my server
Date: Wed, 29 Aug 2007 06:24:58 -0700
To: <SIMS>
X-Mailer: Apple Mail (2.752.2)

I seem to have managed to get spam relayed through my server. I've no idea how this happened, but here is the source of one of the messages.

**********

Received: from [211.158.162.250] (HELO expire)
  by mail.indx.co.uk (Stalker SMTP Server 1.8b9d14)
  with ESMTP id S.0002872782 for <cteng@webmail.com>; Thu, 23 Aug 2007 12:54:44 +0000
From: "Ruby Quan"<accessible@yahoo.com>
To: cteng@webmail.com
Subject: D0N░ět import from China with0ut Magbazer
Date: Thu, 23 Aug 2007 12:54:46 GMT
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

estuary:
Don░ět import from China without Magbaza

Magbaza reduces potential risks from frauds.

Magbaza protects both buyers and sellers against frauds.

Magbaza acts as an authentic third party that collects, holds and disburses funds.

Magbaza not only source credible suppliers but also save your money and time..

Magbaza can help you find qualified goods and credible suppliers as soon as possible.

Magbaza filters the vast and overwhelm business information from china (weed out useless information)


http://fav9.cn

************

I'm surmising from this that the header is not faked, and somehow my host accepted this mail in order that it relay the mail. The only hosts allowed to relay to this host are in the 192.168.*.* range, and it obviously didn't come from them.

Any clues? My only guess is that someone got in through a POP account, but there's nothing in the logs for POP. I had logging on "problems", and I've just switched it to "low-level".


-- Clive
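
The check described in the message above, written out as an added example (not part of the original post, and not SIMS code): it parses the Received header the server stamped on the message and tests the connecting address against the 192.168.*.* relay rule. The local domain `indx.co.uk` is an assumption taken from the server's host name, and the category names are made up for this sketch.

```python
import ipaddress
import re

# From the post: only clients in 192.168.*.* may relay through the server.
RELAY_NETS = [ipaddress.ip_network("192.168.0.0/16")]
# Assumption: indx.co.uk is the server's only local mail domain.
LOCAL_DOMAINS = {"indx.co.uk"}

# Received header copied from the message quoted in the post.
SAMPLE = (
    "Received: from [211.158.162.250] (HELO expire)\n"
    "  by mail.indx.co.uk (Stalker SMTP Server 1.8b9d14)\n"
    "  with ESMTP id S.0002872782 for <cteng@webmail.com>; "
    "Thu, 23 Aug 2007 12:54:44 +0000\n"
)

RECEIVED_RE = re.compile(
    r"from\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\s+\(HELO\s+(?P<helo>[^)]*)\)"
    r".*?\bfor\s+<(?P<rcpt>[^>]+)>",
    re.DOTALL,
)

def parse_received(header):
    """Return (peer IP, HELO name, envelope recipient) from one Received header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    m = RECEIVED_RE.search(unfolded)
    if m is None:
        raise ValueError("unrecognised Received format")
    return ipaddress.ip_address(m["ip"]), m["helo"], m["rcpt"]

def classify(header):
    """Name the rule that explains why this hop was accepted, if any does."""
    ip, _helo, rcpt = parse_received(header)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "local-delivery"        # inbound mail for a local user, not a relay
    if any(ip in net for net in RELAY_NETS):
        return "relay-allowed-by-ip"   # outbound mail from a permitted client
    return "relay-unexplained"         # outside client and outside recipient

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Run over every Received header the server has written, the `relay-unexplained` hits give the queue IDs and timestamps to look up once low-level logging is on.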

