Spamming sample

Hi,

Our SMTP server appears to generate spam traffic. First of all, I need to tell you that I set our server configuration document to not relay any mail (“*” in the 2nd and 4th fields in the SMTP inbound tab).

How can I say I generate spam traffic? Here is the mail routing log:

SMTP Server: 192.168.0.3 connected (our antispam server)

SMTP Server: Message 003E9841 received

SMTP Server: 192.168.0.3 disconnected. 1 message[s] received

Router: Unable to deliver message 003E9841 to reservationmusee@our-domain.com

User reservationmusee@our-domain.com not listed in public Name & Address Book

Router: Message 003E0397 transferred to our.smtp.relay for ffofsgwz@drallagroup.com via SMTP

Router: Message 003E5B72 transferred to our.smtp.relay for tanyam2@mono.lv via SMTP

Router: Message 003E9283 transferred to our.smtp.relay for twgzokgljrkgf@hotmail.com via SMTP

Router: Message 003E96D3 transferred to our.smtp.relay for MperfBouncesVF7N02800012N0003IV8P@bp06.net via SMTP

As you can see, I receive a mail from my antispam server for an unknown user.

Just after receiving this mail, my server sent 4 (sometimes more) mails (spam) to external user addresses.

All of this is logged in the same second!

Do you think I’m wrong in my analysis? Could you tell me more about this?

Thanks in advance

Julien

Subject: RE: Spamming sample…

Most likely your server is sending non-delivery notices to the “senders” of the inbound message. This is a fairly common spammer technique. To stop it, you can either configure your server to hold all undeliverable messages (in ND7 on the configuration doc, Router/SMTP tab, Advanced tab, Controls tab, right hand column, top section), or to drop the inbound session if no valid recipients are found (in ND7 on the configuration doc, Router/SMTP tab, Restrictions and Controls tab, SMTP Inbound Controls tab, right hand column, bottom section, “Verify that local domain recipients exist in the Domino Directory”).
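The pattern described in the reply above can be checked against a routing log. The following is an added example, not part of the original thread: a heuristic that flags outbound transfers to non-local domains that follow an "Unable to deliver" line and whose message ID was never received over SMTP. The sample log, its addresses, and the `window` parameter (counted in log lines, since the quoted log has no timestamps) are constructed assumptions.

```python
import re

# Constructed sample, in the format of the routing log quoted in the question.
SAMPLE_LOG = """\
Router: Message 003D0001 transferred to our.smtp.relay for partner@example.com via SMTP
SMTP Server: 192.168.0.3 connected
SMTP Server: Message 003E9841 received
SMTP Server: 192.168.0.3 disconnected. 1 message[s] received
Router: Unable to deliver message 003E9841 to nobody@our-domain.com
Router: Message 003E0397 transferred to our.smtp.relay for forged1@example.net via SMTP
Router: Message 003E5B72 transferred to our.smtp.relay for forged2@example.org via SMTP
"""

RECEIVED = re.compile(r"SMTP Server: Message (\w+) received")
FAILED = re.compile(r"Router: Unable to deliver message (\w+) to (\S+)")
SENT = re.compile(r"Router: Message (\w+) transferred to \S+ for (\S+) via SMTP")


def find_backscatter(log_text, local_domains, window=10):
    """Return outbound transfers that look like non-delivery notices.

    Heuristic: the transfer appears within `window` log lines after a
    delivery failure, goes to a non-local domain, and carries a message ID
    that was never received over SMTP (so the server generated it itself).
    """
    received = set()
    last_failure = None  # (line number, failed message ID, failed recipient)
    suspects = []
    for n, line in enumerate(log_text.splitlines()):
        if m := RECEIVED.search(line):
            received.add(m.group(1))
        elif m := FAILED.search(line):
            last_failure = (n, m.group(1), m.group(2))
        elif m := SENT.search(line):
            msg_id, rcpt = m.groups()
            domain = rcpt.rsplit("@", 1)[-1].lower()
            if (last_failure is not None
                    and n - last_failure[0] <= window
                    and msg_id not in received
                    and domain not in local_domains):
                suspects.append({"notice_id": msg_id, "sent_to": rcpt,
                                 "failed_id": last_failure[1],
                                 "failed_rcpt": last_failure[2]})
    return suspects


if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG, {"our-domain.com"}):
        print(hit)
```

A hit only marks a candidate; ordinary mail sent by local users shortly after a failure would match too, so confirm by inspecting the flagged messages.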

Subject: RE: Spamming sample…

If, after you set Domino to verify local recipients, you see that your Domino continues “sending” spam, maybe your antispam server is misconfigured and is accepting messages to relay. If your Domino is set to accept all email from the antispam server, it will accept and deliver the spam message.

Regards,

Oswaldo Escobar Mendoza

Lima, Perú