Results 1 to 3 of 3

Thread: Probed for open relay, One account being a catch all

  1. #1
    Join Date
    Jun 2008
    Posts
    21
    Rep Power
    7

    Default Probed for open relay, One account being a catch all

    So Lately I've been getting random emails or spam to my Tech svc account.
    It's kind been acting like a catch all for some reason.

    I want to know if this is cause by the Taiwan and Italy spam cannons?
    the logs keep showing the same send to email *sseenndd1201@yahoo.com.hk* coming from different ip's and it's annoying me and I'm wondering if this is the reason why my tech svc account keeps getting spam but not my personal, admin or online only accounts.

    Anyway to stop them from probing my mail server?

    and How can I stop my Tech Svc account from being a catch all?


    NOQUEUE: reject: RCPT from 123-204-201-194.adsl.dynamic.seed.net.tw[123.204.201.194]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
    NOQUEUE: reject: RCPT from 123-204-201-194.adsl.dynamic.seed.net.tw[123.204.201.194]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
    4F519DA04C1: to=<zimbra@>, relay=none, delay=0.19, delays=0.04/0.1/0/0.05, dsn=5.0.0, status=bounced (org)

    NOQUEUE: reject: RCPT from modemcable038.131-70-69.static.videotron.ca[69.70.131.38]: 554 5.7.1 <spamery@tiscali.it>: Relay access denied; from=<spamery@tiscali.it> to=<spamery@tiscali.it> proto=ESMTP helo=<serveur>
    NOQUEUE: reject: RCPT from unknown[112.104.12.159]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
    NOQUEUE: reject: RCPT from 123-204-166-108.adsl.dynamic.seed.net.tw[123.204.166.108]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
    NOQUEUE: reject: RCPT from host-69-145-92-198.static.bresnan.net[69.145.92.198]: 554 5.7.1 <spamery@tiscali.it>: Relay access denied; from=<spamery@tiscali.it> to=<spamery@tiscali.it> proto=ESMTP helo=<server>
    299EADA04B3: to=<zimbra@org>, relay=none, delay=0.11, delays=0.02/0.03/0/0.06, dsn=5.0.0, status=bounced (.org)
    299EADA04B3: sender non-delivery notification: 45149DA04B4
    45149DA04B4: to=<zimbra@org>, relay=none, delay=0.04, delays=0.02/0.01/0/0.01, dsn=5.0.0, status=bounced (org)
    NOQUEUE: reject: RCPT from 124-11-193-14.dynamic.tfn.net.tw[124.11.193.14]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<n5ff85y6jj@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
    20AD0DA04B3: to=<zimbra@org>, relay=none, delay=0.1, delays=0.03/0.06/0/0.01, dsn=5.0.0, status=bounced (org)
    20AD0DA04B3: sender non-delivery notification: 3BD6EDA04B4
    3BD6EDA04B4: to=<zimbra@org>, relay=none, delay=0.03, delays=0.01/0.01/0/0, dsn=5.0.0, status=bounced (org)
    NOQUEUE: reject: RCPT from 124-11-194-47.dynamic.tfn.net.tw[124.11.194.47]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<n5ff85y6jj@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
    4B2AEDA04B5: to=<zimbra@org>, relay=none, delay=0.06, delays=0.04/0.01/0/0.01, dsn=5.0.0, status=bounced (org)
    4B2AEDA04B5: sender non-delivery notification: 593F4DA04B6
    593F4DA04B6: to=<zimbra@org>, relay=none, delay=0.05, delays=0.01/0/0/0.04, dsn=5.0.0, status=bounced (org)
    just a few for examples.

    The spam messages from Tech Svc Account start off with this
    Put TOGI on your screen, and pay close attention !

    Tornado Gold International Corp

    Syml: TOGI
    Current Value: $0.05
    Short Term Tarrget: $0.55
    Long Term Tarrget: $1.00
    Industry: Gold Mining

    Wednesday volume : 1M
    Tuesday volume : 1.1M

    Tornado Gold International Corp ( TOGI . PK ), an exploration stage company,
    engages in the acquisition and exploration of mining prospects, primarily
    gold in Nevada. The Company has interests in 16 properties, which comprise
    of approximately 45,000 acres located in the North-Central Nevada area.
    One of these properties, 'Illipah' is believed to contain up to 7ml ounces of
    gold. TOGI has so far been able to extract 37,000 ounces of gold. Another property
    is an exiting mine that was in production, but was forced to shut down due to
    technological inefficiencies that now been resolved and production has begun
    to commence once again.

    We expect huge gains from new announcements this week.

    We are giving TOGI our highest rating of 5 stars and stress to follow it closely.
    and then have some sort of new snippets after it like this one for example.

    CNNs Flavia Taggiasco in Rome Italy and Alessio Vinci in Ankara contributed to this report

    Copyright 2006 CNN All rights reservedThis material may not be published broadcast rewritten or
    redistributed Associated Press contributed to this report
    TAMPA Florida (CNN) -- Eight former employees of the Bay County Sheriffs
    Office were charged Tuesday with aggravated manslaughter in the death of
    a 14-year-old at a Florida boot camp for juvenile offenders
    State Attorney Mark Ober said seven former guards and a nurse are accused of
    causing the death of Martin Anderson by culpable negligence If convicted each could face up to 30 years in prison
    Anderson collapsed January 5 at the sheriffs office Boot Camp program in Panama
    City Florida He had complained of breathing difficulties while running around a
    It's weird way to spam perhaps it piggy backing another message or news update.
    Last edited by Mad Professor; 05-28-2009 at 07:29 PM.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Do you happen to use that account for mailing lists at all ? If it was a *true* catch all account then you would probably have a lost more SPAM in it With respect to the second email you have posted then my assumption would be that the spammers are attempting to poison your Bayes. If the SPAMs are always from the same email address then you have two choices 1) Create a custom SA rule based on the address and score high 2) Have a look at the blacklist section in Improving Anti-spam system - Zimbra :: Wiki

  3. #3
    Join Date
    Jun 2008
    Posts
    21
    Rep Power
    7

    Default

    Quote Originally Posted by uxbod View Post
    Do you happen to use that account for mailing lists at all ? If it was a *true* catch all account then you would probably have a lost more SPAM in it
    Nope strictly a client to tech base, I set this account up awhile go but I haven't start using it yet, so my email address hasn't been given out to anybody and/or only 1 or 2 people I know have it.

    Quote Originally Posted by uxbod View Post
    With respect to the second email you have posted then my assumption would be that the spammers are attempting to poison your Bayes.
    I'm not familiar with that term, please enlighten me.

    Quote Originally Posted by uxbod View Post
    If the SPAMs are always from the same email address then you have two choices 1) Create a custom SA rule based on the address and score high 2) Have a look at the blacklist section in Improving Anti-spam system - Zimbra :: Wiki
    Well that's the problem all the messages are trying to get to "sseenndd1201@yahoo.com.hk" but they are coming from different domains and ip's.

    But I'll take a look at the wiki and see what I can do.
    Last edited by Mad Professor; 05-29-2009 at 01:26 PM.

Similar Threads

  1. Adding Hotmail Account always fails - WHY? What to do?
    By TygerZoyd in forum General Questions
    Replies: 13
    Last Post: 10-03-2013, 06:42 PM
  2. Zimbra Desktop won't resolve hostnames
    By btriem in forum Error Reports
    Replies: 10
    Last Post: 09-09-2009, 08:30 AM
  3. Could use some advise: Re: Relay setup
    By DMRDave in forum Administrators
    Replies: 3
    Last Post: 07-18-2008, 09:05 PM
  4. Catch all account
    By jch2os in forum Administrators
    Replies: 2
    Last Post: 08-01-2007, 08:16 AM
  5. Catch All for a specific account
    By LaptopsForLess in forum Administrators
    Replies: 4
    Last Post: 01-25-2007, 11:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •