[Postfixbuch-users] New way of delivering spam?
Sven Schoeppner
schoeppner at biotec.uni-bremen.de
Mon Oct 11 13:59:20 CEST 2004
Hi everyone,
yesterday I looked through the log files of a mail server and
noticed the following.
Mails are being sent to a mail address (well, what else...).
If the delivery attempt fails because the IP is rejected (RBL), another
mail host immediately tries to deliver a mail to the same recipient
again.
In the process, the sender changes.
If, however, the delivery fails because of
"User unknown in virtual mailbox table",
the delivery attempts stop immediately.
Conclusion:
The spammer uses several open relay servers.
The delivery attempts continue until the mail has been delivered
successfully, or until a
reject 550 is sent.
Can anyone confirm this kind of spam delivery?
---example---
Recipient is user at biotec.uni-bremen.de
Oct 11 01:54:05 btsun1 postfix/smtpd[24264]: 96D1E36FA4: reject: RCPT
from unknown[219.251.175.96]: 554 Service unavailable; Client host
[219.251.175.96] blocked using blackholes.five-ten-sg.com;
from=<elvira_larahy at modernart.ie> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<star-pos.ru>
Oct 11 01:54:13 btsun1 postfix/smtpd[24264]: 037FE36FA4: reject: RCPT
from unknown[202.88.32.107]: 554 Service unavailable; Client host
[202.88.32.107] blocked using dnsbl-1.uceprotect.net; Sorry, IP
202.88.32.107 is blacklisted at Level 1 by UCEPROTECT-Network see
http://www.uceprotect.net; from=<r.swan_xb at moemlingen.de>
to=<user at biotec.uni-bremen.de> proto=SMTP helo=<tvcell.ru>
Oct 11 01:54:30 btsun1 postfix/smtpd[24264]: 9F85F36FA4: reject: RCPT
from unknown[210.222.61.200]: 554 Service unavailable; Client host
[210.222.61.200] blocked using blackholes.five-ten-sg.com;
from=<whitneydumascl at cible.be> to=<user at biotec.uni-bremen.de> proto=SMTP
helo=<cifp.ca>
Oct 11 01:54:42 btsun1 postfix/smtpd[24264]: 23AE836FA4: reject: RCPT
from unknown[220.66.166.206]: 554 Service unavailable; Client host
[220.66.166.206] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=220.66.166.206;
from=<mhandkk at stardreams.ru> to=<user at biotec.uni-bremen.de> proto=SMTP
helo=<modern-products.at>
Oct 11 01:55:26 btsun1 postfix/smtpd[24264]: 9CF5F36FA3: reject: RCPT
from unknown[203.243.244.169]: 554 Service unavailable; Client host
[203.243.244.169] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=203.243.244.169;
from=<emerycorderopj at cid-agenda.fr> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<modellbau-welt-heitmann.de>
Oct 11 01:55:35 btsun1 postfix/smtpd[24274]: D70B036FA3: reject: RCPT
from unknown[211.219.163.49]: 554 Service unavailable; Client host
[211.219.163.49] blocked using blackholes.five-ten-sg.com;
from=<lucia.dmcQueenyh at cie-online.de> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<modelguide.de>
Oct 11 01:55:44 btsun1 postfix/smtpd[24264]: 76D9A36FA3: reject: RCPT
from 219-88-173-244.jetstream.xtra.co.nz[219.88.173.244]: 554 Service
unavailable; Client host [219.88.173.244] blocked using
combined.njabl.org; Dynamic/Residential IP range listed by NJABL
dynablock - http://njabl.org/dynablock.html;
from=<p.miller_mx at 1-newsberlin.de> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<tv3.lv>
Oct 11 01:55:54 btsun1 postfix/smtpd[24274]: 8163C36FA3: reject: RCPT
from unknown[220.76.189.115]: 554 Service unavailable; Client host
[220.76.189.115] blocked using bl.spamcop.net; Blocked - see
http://www.spamcop.net/bl.shtml?220.76.189.115;
from=<alberta_silvavv at tvvest.no> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<cicorp.sk.ca>
Oct 11 01:56:09 btsun1 postfix/smtpd[24264]: 9D76036FA3: reject: RCPT
from unknown[220.84.205.175]: 554 Service unavailable; Client host
[220.84.205.175] blocked using blackholes.five-ten-sg.com;
from=<dillonnewman_vr at tviund.is> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<stanford.firenze.it>
Oct 11 01:56:19 btsun1 postfix/smtpd[24274]: 8D03036FA3: reject: RCPT
from unknown[203.243.244.169]: 554 Service unavailable; Client host
[203.243.244.169] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=203.243.244.169;
from=<orozco_nl at cifp.ca> to=<user at biotec.uni-bremen.de> proto=SMTP
helo=<tvvest.no>
Oct 11 01:56:49 btsun1 postfix/smtpd[24264]: 1252B36FA3: reject: RCPT
from unknown[218.6.241.104]: 554 Service unavailable; Client host
[218.6.241.104] blocked using list.dsbl.org;
http://dsbl.org/listing?218.6.241.104; from=<emuller_zk at cifec-sa.fr>
to=<user at biotec.uni-bremen.de> proto=SMTP helo=<stargate-club.de>
Oct 11 01:56:56 btsun1 postfix/smtpd[24274]: 28B2B36FA3: reject: RCPT
from unknown[203.231.190.254]: 554 Service unavailable; Client host
[203.231.190.254] blocked using dnsbl-2.uceprotect.net; Sorry, Net
203.231.190.0/24 is blacklisted at Level 2 by UCEPROTECT-Network see
http://www.uceprotect.net; from=<patelrb at emar.it>
to=<user at biotec.uni-bremen.de> proto=SMTP helo=<stargate.msk.ru>
Oct 11 01:57:31 btsun1 postfix/smtpd[24264]: CD87A36FA3: reject: RCPT
from 61-58-105-170.cm.ubbn.net[61.58.105.170]: 550
<user at biotec.uni-bremen.de>: User unknown in virtual mailbox table;
from=<fannie.raineysy at ciberespacio.cl> to=<user at biotec.uni-bremen.de>
proto=SMTP helo=<cica.ca>
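
One way to check a whole log for the pattern described in this post: group Postfix reject records by recipient and report bursts where many different client IPs try the same address in quick succession, together with the SMTP code the burst ended on. This is an added example, not part of the original message. It assumes one record per line (as in the real log file, unlike the wrapped excerpt above); the sample lines, the year 2004 and the thresholds `max_gap` and `min_hosts` are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on the excerpt above (documentation IP
# ranges and example.org names, not data from the original post).
SAMPLE = """\
Oct 11 01:54:05 mx1 postfix/smtpd[101]: AAAA000001: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using rbl.example; from=<a@example.net> to=<user@example.org> proto=SMTP helo=<h1.example>
Oct 11 01:54:13 mx1 postfix/smtpd[101]: AAAA000002: reject: RCPT from unknown[198.51.100.20]: 554 Service unavailable; Client host [198.51.100.20] blocked using rbl.example; from=<b@example.net> to=<user@example.org> proto=SMTP helo=<h2.example>
Oct 11 01:54:30 mx1 postfix/smtpd[101]: AAAA000003: reject: RCPT from unknown[203.0.113.30]: 554 Service unavailable; Client host [203.0.113.30] blocked using rbl.example; from=<c@example.net> to=<user@example.org> proto=SMTP helo=<h3.example>
Oct 11 01:55:10 mx1 postfix/smtpd[101]: AAAA000004: reject: RCPT from cm.example[203.0.113.44]: 550 <user@example.org>: User unknown in virtual mailbox table; from=<d@example.net> to=<user@example.org> proto=SMTP helo=<h4.example>
Oct 11 03:10:00 mx1 postfix/smtpd[102]: AAAA000005: reject: RCPT from unknown[192.0.2.99]: 554 Service unavailable; Client host [192.0.2.99] blocked using rbl.example; from=<e@example.net> to=<other@example.org> proto=SMTP helo=<h5.example>
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: reject: RCPT "
    r"from \S*\[(?P<ip>[0-9.]+)\]: (?P<code>\d{3}) .*? to=<(?P<rcpt>[^>]+)>"
)

def parse_rejects(text, year=2004):
    """Extract time, client IP, SMTP code and recipient from smtpd reject lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog timestamps carry no year, so it is supplied (assumption)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"ts": ts, "ip": m["ip"], "code": m["code"], "rcpt": m["rcpt"]})
    return events

def find_bursts(events, max_gap=120, min_hosts=3):
    """Report per-recipient runs of rejects (gaps <= max_gap s) from >= min_hosts IPs."""
    by_rcpt = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_rcpt[e["rcpt"]].append(e)
    bursts = []
    for rcpt, evs in by_rcpt.items():
        runs = [[evs[0]]]
        for e in evs[1:]:  # start a new run whenever the quiet gap is exceeded
            if (e["ts"] - runs[-1][-1]["ts"]).total_seconds() <= max_gap:
                runs[-1].append(e)
            else:
                runs.append([e])
        for run in runs:
            hosts = {e["ip"] for e in run}
            if len(hosts) >= min_hosts:
                bursts.append({"rcpt": rcpt, "attempts": len(run),
                               "hosts": len(hosts), "last_code": run[-1]["code"]})
    return bursts

if __name__ == "__main__":
    print(find_bursts(parse_rejects(SAMPLE)))
```

A burst whose `last_code` is 550 matches the behaviour reported above; bursts that simply trail off on 554 do not.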