From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
From: David Presotto
To: 9fans@cse.psu.edu
Subject: Re: [9fans] spam originating from a Plan 9 installation
In-Reply-To: <24083a5d85e5fe796a949845afcdb396@plan9.ucalgary.ca>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="upas-kqihsszscslphurolgbnqpoljx"
Date: Sun, 16 Nov 2003 16:31:32 -0500
Topicbox-Message-UUID: 8b57fdf4-eacc-11e9-9e20-41e7f4b1d025

This is a multi-part message in MIME format.
--upas-kqihsszscslphurolgbnqpoljx
Content-Disposition: inline
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

I believe in queue.dump or some such, I'll have to look at
the source, it's all bobf's stuff.
--upas-kqihsszscslphurolgbnqpoljx
Content-Type: message/rfc822
Content-Disposition: inline

Received: from plan9.cs.bell-labs.com ([135.104.9.2]) by plan9; Sun Nov 16 13:53:38 EST 2003
Received: from mail.cse.psu.edu ([130.203.4.6]) by plan9; Sun Nov 16 13:53:36 EST 2003
Received: by mail.cse.psu.edu (CSE Mail Server, from userid 60001)
	id CA56E19BE3; Sun, 16 Nov 2003 13:53:26 -0500 (EST)
Received: from psuvax1.cse.psu.edu (psuvax1.cse.psu.edu [130.203.4.6])
	by mail.cse.psu.edu (CSE Mail Server) with ESMTP
	id 612AB19BDE; Sun, 16 Nov 2003 13:53:10 -0500 (EST)
X-Original-To: 9fans@cse.psu.edu
Delivered-To: 9fans@cse.psu.edu
Received: by mail.cse.psu.edu (CSE Mail Server, from userid 60001)
	id 40A0119BCC; Sun, 16 Nov 2003 13:52:58 -0500 (EST)
Received: from plan9.ucalgary.ca (unknown [136.159.220.110])
	by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 2B5B4199BC
	for <9fans@cse.psu.edu>; Sun, 16 Nov 2003 13:52:47 -0500 (EST)
Message-ID: <24083a5d85e5fe796a949845afcdb396@plan9.ucalgary.ca>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] spam originating from a Plan 9 installation
From: mirtchov@cpsc.ucalgary.ca
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: 9fans-admin@cse.psu.edu
Errors-To: 9fans-admin@cse.psu.edu
X-BeenThere: 9fans@cse.psu.edu
X-Mailman-Version: 2.0.11
Precedence: bulk
Reply-To: 9fans@cse.psu.edu
List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu>
List-Archive:
Date: Sun, 16 Nov 2003 11:52:45 -0700
X-Spam-Status: No, hits=0.3 required=5.0 tests=IN_REP_TO,NO_REAL_NAME version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

it's fixed now with a much more restrictive networks definition in
smtpd.conf. in fact, i'm tempted to completely remove any machines
from my relay list, but i'm not sure this won't break anything, so
i've left only the machine running smtpd.

out of the whole thing, my logs are left with a pretty detailed list
of emails and businesses sending spam to them:

plan9% grep 'Bad Forward' smtpd | wc -l
    182
plan9%

and this is for the past 10 minutes since i turned smtpd back on!

here's how it looks like, so others will know what to look for in the
logs:

plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!marialices)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!smileyohio)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!rpiiibc)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!libertyagogo)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!janedugan)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!archiedorsman)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!edpm123)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!kitarou33)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!luckyduck132)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!frost3882)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!jmfdigiovanni)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!zaman90614)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!pfcnut)
plan9 Nov 16 11:46:44 Bad Forward upbitchart.us!lilypye (mail.enddownstatus.us/136.159.139.8) (aol.com!ambuler74)

cheers, and thanx for the help: andrey

ps: smtpd.conf has this:

saveblockedmsg		on		#save blocked messages

where are those messages stored (i admit not looking for them very
thoroughly)?
--upas-kqihsszscslphurolgbnqpoljx--
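
The 'Bad Forward' lines quoted in the message above can be summarized per source rather than only counted with grep | wc -l. The following is an added example, not code from the original post or from the Plan 9 distribution. It assumes the fields are sender, (claimed host/address) and (recipient), as the sample lines suggest; the function names, the threshold and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Assumed field layout, inferred from the sample lines in the message:
#   <system> <Mon> <day> <hh:mm:ss> Bad Forward <sender> (<host>/<ip>) (<recipient>)
BAD_FORWARD = re.compile(
    r"^(?P<system>\S+) (?P<stamp>\w{3} +\d+ \d\d:\d\d:\d\d) Bad Forward "
    r"(?P<sender>\S+) \((?P<host>[^/\s]+)/(?P<ip>[^)\s]+)\) \((?P<rcpt>[^)]+)\)$"
)

# Constructed sample log (documentation names and addresses, not real data).
SAMPLE_LOG = """\
plan9 Nov 16 11:46:44 Bad Forward bulk.example!promo (mail.bulk.example/192.0.2.8) (isp.example!alice)
plan9 Nov 16 11:46:44 Bad Forward bulk.example!promo (mail.bulk.example/192.0.2.8) (isp.example!bob)
plan9 Nov 16 11:46:45 Bad Forward bulk.example!promo (mail.bulk.example/192.0.2.8) (isp.example!carol)
plan9 Nov 16 11:47:02 Bad Forward other.example!news (mx.other.example/198.51.100.23) (isp.example!dave)
plan9 Nov 16 11:47:10 some unrelated smtpd log line
"""

def parse_bad_forwards(text):
    """Return one dict per 'Bad Forward' line; other lines are skipped."""
    return [m.groupdict() for line in text.splitlines()
            if (m := BAD_FORWARD.match(line.strip()))]

def summarize(events):
    """Count refused relay attempts and distinct recipients per (ip, sender)."""
    attempts = Counter()
    rcpts = {}
    for e in events:
        key = (e["ip"], e["sender"])
        attempts[key] += 1
        rcpts.setdefault(key, set()).add(e["rcpt"])
    return [{"ip": ip, "sender": s, "attempts": n, "recipients": len(rcpts[(ip, s)])}
            for (ip, s), n in attempts.most_common()]

def relay_probes(summary, min_recipients=3):
    """Sources that tried at least min_recipients distinct recipients (hypothetical threshold)."""
    return [row["ip"] for row in summary if row["recipients"] >= min_recipients]

if __name__ == "__main__":
    rows = summarize(parse_bad_forwards(SAMPLE_LOG))
    for row in rows:
        print(row)
    print("sources fanning out to many recipients:", relay_probes(rows))
```
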