(no subject)

From: Johnson, S (sjohnsonedina.k12.mn.us)
Date: Thu Apr 24 2008 - 09:31:00 CDT


After months of doing a great job, I started to get spam back into my
system again.

 

Apr 23 16:26:06 mail sqlgrey: grey: new: 82.67.64.191(82.67.64.191),
fetamemoryplus.org -> sjohnsonmydomain.com

Apr 23 16:26:06 mail postfix/smtpd[23130]: NOQUEUE: reject: RCPT from
mut38-1-82-67-64-191.fbx.proxad.net[82.67.64.191]: 450 4.7.1
<fetamemoryplus.org>: Sender address rejected: Greylisted for 5
minutes; from=<fetamemoryplus.org> to=<sjohnsonmydomain.com>
proto=SMTP helo=<wzbkw.proxad.net>

 

(waited exactly 5 minutes to retry connection)

 

Apr 23 16:31:10 mail sqlgrey: grey: reconnect ok:
82.67.64.191(82.67.64.191), fetamemoryplus.org -> sjohnsonmydomain.com
(00:05:04)

Apr 23 16:31:10 mail sqlgrey: grey: from awl: 82.67.64.191,
fetamemoryplus.org added

Apr 23 16:31:11 mail postfix/cleanup[22561]: 9A56FC3804F: hold: header
Received: from wzbkw.proxad.net (mut38-1-82-67-64-191.fbx.proxad.net
[82.67.64.191])??by mydomain.com (Postfix) with SMTP id 9A56FC3804F??for
<sjohnsonmydomain.com>; Wed, 23 Apr 2008 16:31:10 - from
mut38-1-82-67-64-191.fbx.proxad.net[82.67.64.191];
from=<fetamemoryplus.org> to=<sjohnsonmydomain.com> proto=SMTP
helo=<wzbkw.proxad.net>

Apr 23 16:31:15 mail amavis[22991]: (22991-13) ESMTP::10024
/var/spool/amavisd/tmp/amavis-20080423T162212-22991:
<fetamemoryplus.org> -> <sjohnsonmydomain.com> SIZE=3295 Received:
from mydomain.com ([127.0.0.1]) by localhost (mail.mydomain.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP for
<sjohnsonmydomain.com>; Wed, 23 Apr 2008 16:31:15 -0500 (CDT)

Apr 23 16:31:15 mail amavis[22991]: (22991-13) Checking: 71NV2CxrKvcf
[82.67.64.191] <fetamemoryplus.org> -> sjohnsonmydomain.com

Apr 23 16:31:16 mail amavis[22991]: (22991-13) FWD via SMTP:
<fetamemoryplus.org> -> <sjohnsonmydomain.com>, BODY=8BITMIME 250
2.6.0 Ok, id=22991-13, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued
as 61909C3804A

Apr 23 16:31:16 mail amavis[22991]: (22991-13) Passed
CLEAN, [82.67.64.191] [82.67.64.191] <fetamemoryplus.org> ->
<sjohnsonmydomain.com>, Message-ID:
<9149664024.20080423221319rutasnc.it>, mail_id: 71NV2CxrKvcf, Hits:
2.701, queued_as: 61909C3804A, 1312 ms

 

It sucks that they are now starting to re-queue their stupid spam; why
don't they GET A CLUE that we don't want their crp.

 

Anyone have an idea on how I can help shore this up?

 

In my main.cf I've got:

            reject_invalid_hostname,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_unknown_recipient_domain,
            reject_unauth_pipelining,
            permit_mynetworks,
            reject_unauth_destination,
            reject_rbl_client combined.njabl.org,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client sbl-xbl.spamhaus.org,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client all.rbl.jp,
            reject_rbl_client rbl-plus.mail-abuse.org,
            check_policy_service inet:127.0.0.1:2501,
            permit

 

Shouldn't that prohibit Postfix from allowing a connection with a
server using: "wzbkw.proxad.net (mut38-1-82-67-64-191.fbx.proxad.net
[82.67.64.191])" as a hostname?

 

 Thanks,

   Scott
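
The following is an added example, not part of the original post: a small Python log check that pairs the Postfix greylist rejection with the later sqlgrey "reconnect ok" line for the same client and reports the HELO name, the reverse-DNS name Postfix logged, and how long the client waited before retrying. The sample input is the two relevant log lines from the message above with the archive's line wrapping undone; the function and pattern names (`analyze`, `REJECT_RE`, `RECONNECT_RE`) are hypothetical.

```python
import re

# Log lines taken from the post above, with the mail archive's line wrapping
# undone (addresses appear exactly as the archive shows them).
SAMPLE_LOG = """\
Apr 23 16:26:06 mail postfix/smtpd[23130]: NOQUEUE: reject: RCPT from mut38-1-82-67-64-191.fbx.proxad.net[82.67.64.191]: 450 4.7.1 <fetamemoryplus.org>: Sender address rejected: Greylisted for 5 minutes; from=<fetamemoryplus.org> to=<sjohnsonmydomain.com> proto=SMTP helo=<wzbkw.proxad.net>
Apr 23 16:31:10 mail sqlgrey: grey: reconnect ok: 82.67.64.191(82.67.64.191), fetamemoryplus.org -> sjohnsonmydomain.com (00:05:04)
"""

# Postfix rejection caused by the greylisting policy service.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<rdns>[^\[\s]+)\[(?P<ip>[^\]]+)\]: 450 "
    r".*?Greylisted for (?P<win>\d+) minutes;"
    r".*?helo=<(?P<helo>[^>]*)>")
# sqlgrey line logged when the same client retries after the window.
RECONNECT_RE = re.compile(
    r"sqlgrey: grey: reconnect ok: (?P<ip>[^\s(]+)\(.*"
    r"\((?P<h>\d+):(?P<m>\d+):(?P<s>\d+)\)\s*$")


def analyze(log_text):
    """Return one finding per client IP that was greylisted and then retried."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            pending[m["ip"]] = m.groupdict()
            continue
        m = RECONNECT_RE.search(line)
        if m and m["ip"] in pending:
            first = pending.pop(m["ip"])
            delay = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            findings.append({
                "ip": first["ip"],
                "rdns": first["rdns"],
                "helo": first["helo"],
                # True only when the HELO name equals the logged reverse-DNS name
                "helo_matches_rdns": first["helo"].lower() == first["rdns"].lower(),
                "retry_delay_s": delay,
                # Seconds the client waited beyond the greylist window
                "over_window_s": delay - int(first["win"]) * 60,
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```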