[afnog] HOW can I stop outgoing spam

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Sep 27 12:28:22 UTC 2011


On Tue, Sep 27, 2011 at 03:16:39PM +0300,
 saleh ali <saleh.shihab at live.com> wrote 
 a message of 100 lines which said:

> The following email is taken from one of DNSBL

You really should use *your* logs, not external reports (which may be
trusted or not).

> Return-Path: <edwardsoper20 at yahoo.com.hk>

OK, one of the users of your email servers uses a Yahoo account. No
problem.

> Received: from localhost.localdomain (mail.sustech.edu
> [41.67.53.23])

Your mail server is badly configured (it uses "localhost.localdomain"
instead of its real name).

> Received: from 82.128.14.236 ([82.128.14.236])

That's the important info which was *not* in your logs (fix your logs
urgently: you cannot manage a system which does not log the IP
addresses of the clients). Is 82.128.14.236 one of your legitimate
users? Afrinic's database tells us it is Multilinks
Telecommunications, in Nigeria, at the other end of Africa. Do you
know them? 

Anyway, you now know the origin of the spam: talk to them, fire them,
block them in the firewall, lecture them, etc., depending on your
relationship with them.

>           by localhost.localdomain 

Same problem. Bad configuration of your email server.

> (DeskNow) with SMTP ID 539;

I do not know DeskNow. It seems to be a commercial product so you should
ask for help from the company which sold it to you. My experience is more
with free software such as Postfix.

> Subject: Business Proposal

It is really a spam.
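
The header reading walked through in the reply above, as an added Python example that is not part of the original message: it parses the Received chain, reports the first client outside the operator's own network (the last hop the operator's server itself recorded, since older headers can be forged), and flags hops that announce a placeholder hostname. The sample is reassembled from the quoted fragments; `dnsbl-trap.example` and the `OWN_NETWORKS` value are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the Received fragments quoted in the message above,
# reassembled. "dnsbl-trap.example" is a placeholder for the reporting host.
SAMPLE = (
    "Received: from localhost.localdomain (mail.sustech.edu [41.67.53.23])\n"
    "\tby dnsbl-trap.example with ESMTP;\n"
    "Received: from 82.128.14.236 ([82.128.14.236])\n"
    "\tby localhost.localdomain (DeskNow) with SMTP ID 539;\n"
    "Subject: Business Proposal\n"
    "\n"
    "(body omitted)\n"
)
OWN_NETWORKS = ["41.67.53.23/32"]  # assumption: the operator's mail server
PLACEHOLDER_NAMES = {"localhost", "localhost.localdomain"}

# "from <helo> ([<rdns> ][<ip>]) [by <server>]"; headers may be folded.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"(?:\s+by\s+(?P<by>\S+))?"
)

def parse_hops(raw):
    """Return Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    matches = (HOP_RE.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in matches if m]

def entry_client(raw, own_networks):
    """IP of the first outside client that handed the mail to our servers."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    def ours(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)
    inside = False
    for hop in parse_hops(raw):
        if inside and not ours(hop["ip"]):
            return hop["ip"]  # written by our own server, so trustworthy
        inside = inside or ours(hop["ip"])
    return None  # the mail never passed through our networks

def placeholder_hops(raw):
    """(hop index, field) pairs where a server used a placeholder name."""
    return [(i, f) for i, hop in enumerate(parse_hops(raw))
            for f in ("helo", "by")
            if (hop[f] or "").lower() in PLACEHOLDER_NAMES]
```

The address returned by `entry_client` is the one to look up in the mail server's own logs and in the registry database.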
