[svlug] Bad email

Skip Evans skip at venomouspenguin.com
Tue Mar 29 09:57:05 PST 2005


I am now under the impression this could be worm-spam
from a very large number of infected machines out there.

If so, isn't it kind of impossible to block it? This server
answers email for diamond dealers in NYC and can get
legitimate email from anyone in the world, so how would
you go about sorting out the spam from the real?

Skip

Robert Hajime Lanning wrote:

>Grep for the queue ID. "j2RC8ORJ030415"
>
>Sendmail puts different information in different log entries.
>The only real way to match them up is via the queue ID.
>
><quote who="Skip Evans">
>
>>Mar 27 04:09:37 207-234-129-112 sendmail[30415]: j2RC8ORJ030415:
>><tim at gemstones.com>... User unknown
>>
>>These things are coming in by the ton, and I was hoping of locating a
>>source IP address, maybe a couple of them, and adding them to
>>/etc/hosts.deny. But maillog does not record this information.
>>
>>Is there another log file where I can locate it?
>>
>>I also found out about 'blacklisting' in sendmail, and will consider
>>that if I can't find just one IP address to deny.
>>
>>Any suggestions would be greatly appreciated.
>
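
The queue-ID correlation described in the quoted reply, as an added example that is not part of the original thread: it joins each "User unknown" entry to the from= entry with the same queue ID, whose relay= field holds the connecting host's address, and counts rejections per IP. That count also shows whether the mail comes from a few addresses or from many. The log lines are constructed for illustration, and the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): join sendmail log entries on the
# queue ID to see which relay IPs produce the "User unknown" rejections.

# Constructed sample in maillog layout; host, queue IDs and addresses are
# made up, IPs come from documentation ranges.
sample_maillog() {
cat <<'EOF'
Mar 27 04:09:37 mx sendmail[30415]: j2RC0001030415: <tim@example.com>... User unknown
Mar 27 04:09:37 mx sendmail[30415]: j2RC0001030415: <sue@example.com>... User unknown
Mar 27 04:09:38 mx sendmail[30415]: j2RC0001030415: from=<a@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Mar 27 04:10:02 mx sendmail[30416]: j2RC0002030416: <joe@example.com>... User unknown
Mar 27 04:10:03 mx sendmail[30416]: j2RC0002030416: from=<b@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Mar 27 04:11:40 mx sendmail[30417]: j2RC0003030417: <ann@example.com>... User unknown
Mar 27 04:11:41 mx sendmail[30417]: j2RC0003030417: from=<c@example.org>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[198.51.100.7]
Mar 27 04:12:10 mx sendmail[30418]: j2RC0004030418: from=<d@example.org>, size=812, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
Mar 27 04:12:11 mx sendmail[30419]: j2RC0004030418: to=<bob@example.com>, delay=00:00:01, mailer=local, pri=30812, dsn=2.0.0, stat=Sent
EOF
}

# unknown_by_relay [FILE...]: print "COUNT IP", highest count first.
# Reads stdin when no file is given. Assumes IPv4 relays.
unknown_by_relay() {
    awk '
    $5 ~ /^sendmail\[/ {
        qid = $6; sub(/:$/, "", qid)          # field 6 is "QUEUEID:"
        # The rejection is logged per recipient, without the peer address.
        if ($0 ~ /User unknown/) unknown[qid]++
        # The from= entry of the same queue ID carries relay=... [IP].
        if ($7 ~ /^from=/ && match($0, /relay=[^,]*/)) {
            r = substr($0, RSTART, RLENGTH)
            if (match(r, /\[[0-9.]+\]/))
                relay[qid] = substr(r, RSTART + 1, RLENGTH - 2)
        }
    }
    END {
        # The from= line can appear after the rejections, so join at the end.
        for (q in unknown) {
            ip = (q in relay) ? relay[q] : "no-relay-logged"
            total[ip] += unknown[q]
        }
        for (ip in total) print total[ip], ip
    }' "$@" | sort -k1,1nr -k2,2
}

sample_maillog | unknown_by_relay
```

Against a live system, pass the maillog file as the argument instead of piping in the sample.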




