[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] spam relay problems
- Subject: RE: [cobalt-security] spam relay problems
- From: "Darren Stieben" <dstieben@xxxxxxxxxxxx>
- Date: Fri, 13 Jul 2001 09:53:48 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I have a pc attached to the same hub as the RAQ and I'm running "sniffer" on
it which captures network packets. I'm just capturing packets for a few
minutes at a time and then looking at them to see what's running through the
network.
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of njd76
Sent: Friday, July 13, 2001 9:34 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] spam relay problems
What log files are you looking at when finding the "relay denied"
message and the ip's spammers are using.
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Darren
Stieben
Sent: Friday, July 13, 2001 10:15 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] spam relay problems
I have a RAQ XTR and have checked the "check mail before smtp relay" box
on
the gui interface but spammers are still using my box to relay through.
I
was under the impression that once this box was checked, no one could
use
the RAQ to relay through. I have been watching the network traffic to
the
RAQ and I can see several instances where the "relay denied" message is
displayed so I feel it is partly working, but I can also see that the
spammers are bypassing this and continuing to relay through my RAQ. On
some
of the lines, I can see that they have added my domain name to the end
of
their email address, but their address is not listed as a user on my
system.
The only way I have found to be able to stop this from happening is to
deny
the ip addresses of the spammers on my firewall, but that only works for
a
short time until they change addresses. Is there a file I can modify
somewhere that will turn off all relaying and not allow the RAQ to be
fooled
into thinking that the spammers are legitimate users? What other
options do
I have as far as the RAQ is concerned? Please help!
dstieben@xxxxxxxxxxxx
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security