[Mimedefang] Spammer trying to hack my system!

dave dave.shepherd at Vixel.com
Mon Jul 15 12:23:01 EDT 2002


This is a great group - I'm learning a lot from you folks.

Below is part of my syslog on a system running MIMEDefang 2.15 and
Sendmail 8.12.4.
It appears that the spammer is trying (and gets PID 4492) to run the
command
'senderok <webmaster at aaaa.com> 211.244.190.180 [211.244.190.180]'

MIMEDefang rejects the messages, but what would happen if the sender
had tried a more damaging command?
Is the 'Starting slave ...' normal or do I have something to worry
about?

Thanks a Bunch
Dave


Jul 15 05:10:30 grouse sendmail[4482]: [ID 801593 mail.info]
g6FCASEP004482: from=<webmaster at aaaa.com>, size=6190, class=0, nrcpts=1,
msgid=<84190-22002744185428969 at aaaa.com>, bodytype=8BITMIME, proto=SMTP,
daemon=MTA, relay=[211.244.190.180]
Jul 15 05:10:36 grouse mimedefang-multiplexor: [ID 778059 mail.info]
Starting slave 3 (pid 4492) (3 running): About to execute command
'senderok <webmaster at aaaa.com> 211.244.190.180 [211.244.190.180]'
Jul 15 05:10:37 grouse mimedefang.pl[19989]: Message seems to be spam,
rejected
Jul 15 05:10:37 grouse mimedefang.pl[19989]: filter: g6FCASEP004482:
bounce=1
Jul 15 05:10:37 grouse sendmail[4482]: [ID 801593 mail.info]
g6FCASEP004482: Milter add: header: X-Spam-Status: Yes
Jul 15 05:10:37 grouse sendmail[4482]: [ID 801593 mail.info]
g6FCASEP004482: Milter change: header  Subject: from
(\377\377\377\377\377\377\377\377)\377\377\377\377
\377\377\377\377\377\377\377\377 pc\377\377\377\377
\377\377\377\377\377\377 \377\377\377\377\377\377\377\377
...\377\377\377\377\377\377\377\377\377\377... to
(**********************)
(\377FFFFBC\377FFFFBA\377FFFFC0\377FFFFCE\377FFFFB1\377FFFFA4\377FFFFB0\377FFFFED)\377FFFFC4\377FFFFAE\377FFFFB6\377FFFFF3
\377FFFFC7\377FFFFDA\377FFFFB5\377FFFFE5\377FFFFC6\377FFFFF9\377FFFFB0\377FFFFFA
pc\377FFFFC6\377FFFFF9\377FFFFC0\377FFFFCC
\377FFFFB0\377FFFFA1\377FFFFC0\377FFFFD4\377FFFFC0\377FFFFDA
\377FFFFC0\377FFFFFC\377FFFFBF\377FFFFF8\377FFFFBF\377FFFFA1\377FFFFB0\377FFFFD4
...\377FFFFBF\377FFFFA9\377FFFFC7\377FFFFE0\377FFFFB1\377FFFFC7\377FFFFB1\377FFFFEE\377FFFFC1\377FFFFF6...

Jul 15 05:10:37 grouse mimedefang[13665]: [ID 122068 mail.debug]
Bouncing because filter instructed us to
Jul 15 05:10:37 grouse sendmail[4482]: [ID 801593 mail.info]
g6FCASEP004482: Milter: data, reject=554 5.7.1 Message seems to be spam,
rejected
Jul 15 05:10:37 grouse sendmail[4482]: [ID 801593 mail.info]
g6FCASEP004482: to=<tsweet at seattle.vixel.com>, delay=00:00:08,
pri=30431, stat=Message seems to be spam, rejected
Jul 15 05:10:40 grouse sendmail[4491]: [ID 801593 mail.info]
g6FCAZEP004491: from=<webmaster at aaaa.com>, size=6216, class=0, nrcpts=1,
msgid=<55651-22002744185437912 at aaaa.com>, bodytype=8BITMIME, proto=SMTP,
daemon=MTA, relay=[211.244.190.180]
Jul 15 05:10:48 grouse mimedefang.pl[4492]: Message seems to be spam,
rejected
Jul 15 05:10:48 grouse mimedefang.pl[4492]: filter: g6FCAZEP004491:
bounce=1
Jul 15 05:10:48 grouse mimedefang[13665]: [ID 122068 mail.debug]
Bouncing because filter instructed us to
Jul 15 05:10:48 grouse sendmail[4491]: [ID 801593 mail.info]
g6FCAZEP004491: Milter add: header: X-Spam-Status: Yes
Jul 15 05:10:48 grouse sendmail[4491]: [ID 801593 mail.info]
g6FCAZEP004491: Milter change: header  Subject: from
(\377\377\377\377\377\377\377\377)\377\377\377\377
\377\377\377\377\377\377\377\377 pc\377\377\377\377
\377\377\377\377\377\377 \377\377\377\377\377\377\377\377
...\377\377\377\377\377\377\377\377\377\377... to
(**********************)
(\377FFFFBC\377FFFFBA\377FFFFC0\377FFFFCE\377FFFFB1\377FFFFA4\377FFFFB0\377FFFFED)\377FFFFC4\377FFFFAE\377FFFFB6\377FFFFF3
\377FFFFC7\377FFFFDA\377FFFFB5\377FFFFE5\377FFFFC6\377FFFFF9\377FFFFB0\377FFFFFA
pc\377FFFFC6\377FFFFF9\377FFFFC0\377FFFFCC
\377FFFFB0\377FFFFA1\377FFFFC0\377FFFFD4\377FFFFC0\377FFFFDA
\377FFFFC0\377FFFFFC\377FFFFBF\377FFFFF8\377FFFFBF\377FFFFA1\377FFFFB0\377FFFFD4
...\377FFFFBF\377FFFFA9\377FFFFC7\377FFFFE0\377FFFFB1\377FFFFC7\377FFFFB1\377FFFFEE\377FFFFC1\377FFFFF6...

Jul 15 05:10:48 grouse sendmail[4491]: [ID 801593 mail.info]
g6FCAZEP004491: Milter: data, reject=554 5.7.1 Message seems to be spam,
rejected
Jul 15 05:10:48 grouse sendmail[4491]: [ID 801593 mail.info]
g6FCAZEP004491: to=<tsweet at seattle.vixel.com>, delay=00:00:10,
pri=30457, stat=Message seems to be spam, rejected
