Three NameServer DOSing my <dns1>
Michelle Konzack
linux4michelle at tamay-dogan.net
Thu Jul 29 18:11:26 UTC 2010
Hello Matus UHLAR - fantomas,
Am 2010-07-29 19:37:50, hacktest Du folgendes herunter:
> apparently internal_networks set up incorrectly?
No it is the problem if a customer connect trough a VPN to the Router of
the employer/enterprise and send out messages using the the companys own
mail relay and fro there it comes to me to the rest of the world
Note: My customers are in my network through FTTH.
> I see the name "michelle1.private.tamay-dogan.net" in two headers:
>
> Received: from michelle1.private.tamay-dogan.net
> (router.private.tamay-dogan.net [::ffff:192.168.0.65])
> (AUTH: LOGIN michelle.konzack)
> by mail.tamay-dogan.net with esmtp; Thu, 29 Jul 2010 19:16:29 +0200
> id 0002C6F8.4C51B76D.000055D9
> Received: by michelle1.private.tamay-dogan.net (sSMTP sendmail emulation);
> Thu, 29 Jul 2010 19:16:28 +0200
This is because <192.168.0.65> is the gateway of my private /26 network
which is NATed and is conected directly on my router.
> Note that I'm just guessing and it's apparently not spamassassin. However
> there are many spam filters deeply parsing headers and some qute
> incorrectly.
>
> I think you are on spamassassin-users mailing list and you could remember
> that problems with deeply parsed headers on some mailservers are mentioned
> there quite often.
I know the threads...
> header causes some filters try to resolve your hostname. You can try using
> msmtp or similar smtp client to see if it helps.
Already tried. It is always the same and RFC conform. :-D
> I know because I've seen your posts on courier-users mailing list too.
> Actually I even know you are debian user, guess why :-)
hehehe
> Your hostname is private and inaccessible from the outside. The requesters
> get SERVFAIL reply which apparently makes them retry. If you provided them
> any IP address (e.g. 127.0.0.1) they could be satisfied and stop trying
> (until the cached record expires). You can try this if it makes you angry.
I have removed the REJECT and immediatly gotten over 7000 MAILER-DAEMON
errors from arround the world and this idiots are attaching WHOLE
messages including attackments to it.
99% are MAILER-DAEMON messages du to faked From: using <linux4michelle>.
Also the tries from <dtag.de>, <t-dialin.net> and <arcor-ip.de> are
mostly MAILERDAEMON spam.
Tomorrow I will call the "Deutsche Telecom" directly in Ofenburg/Germany
since I am angy and I like to bother them. They should be a little bit
busy like me. :-D
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
itsystems at tdnet France EURL itsystems at tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack
Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix
<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
Jabber linux4michelle at jabber.ccc.de
ICQ #328449886
Linux-User #280138 with the Linux Counter, http://counter.li.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.pgp
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100729/353ba8f9/attachment.bin>
More information about the bind-users
mailing list