Mailing List SIMS@stalker.com Message #6365
From: Steve Linford <steve@uxn.com>
Subject: Re: spam via mx secondary
Date: Sun, 2 Jul 2000 10:36:58 +0100
To: SIMS Discussions <SIMS@mail.stalker.com>
>From Nick Quinn, received 02/07/2000, 3:00 am +0100 (GMT):
> > 10:23:20 1 SMTP-768(postoffice.telstra.net) SPAM?
>Recipient'<MuratSex@email.tc>' rejected: sending host is blacklisted
>
> > 10:23:21 1 SMTP-788([203.50.1.76]) SPAM? Host is in the Blacklist
>
> > 10:23:21 2 SMTP-788([203.50.1.76]) SPAM? Host is banned for another 402
>seconds
>
> "postoffice.telstra.net" is our secondary mx server!

The temporary blacklisting is probably being caused by the spammer running
a dictionary attack on your domain (trying multiple usernames). After the
spammer hits a certain amount of bad usernames SIMS temporarily blacklists
the sending host (to stop the attack).

Your secondary MX is probably not a SIMS server (and so isn't capable of
stopping dictionary attacks) so it's just passing the attack on to the
primary.

If this is the case, and 203.50.1.76 is in your Client List (as your
secondary MX it should be, if it's not you need to add it), then it looks
like the temporary blacklisting may be overriding the Client List - which I
think is a good thing (as temporary blacklisting could only result from a
dictionary attack).

So, basically I think everything is running fine on your machine. If you're
in doubt try sending mail through your secondary (quit SIMS and send
yourself a message, which should end up at the backup and then be delivered
onwards to SIMS when you launch it again).

  Steve Linford

________________________________________________________________________
  Ultradesign Xperimental Network   http://www.uxn.com


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster