Roeland M.J. Meyer rmeyer at
Sat Feb 14 16:53:19 GMT 1998

Hey gang, 

In the process of chasing this thing down, I got this note about one-less
open-relay, after this weekend.

>From: friedl at (Stephen J. Friedl)
>X-Mailer: SCO System V Mail (version 3.2)
>To: rmeyer at
>Subject: VSI.COM spam
>Cc: scott at
>Date: Fri, 13 Feb 98 15:46:17 PST
>Good afternoon,
>>This spam was inserted at The evidence is fairly
>>conclusive. However, only an analysis of your logs can determine exactly
>>who this luser is.
>I am a consultant helping V-Systems ( run their internet site,
>and the message below did not originate from us -- we were used as a
>relay. We have known of our being on somebody's spam relay list and have
>been taking steps to fix it. Last weekend we cut over to the latest
>sendmail, but when I tried to add the rules that prevent relay it
>broke our regular mail so I had to take it out. This weekend I will
>make another run at it and see if I get any farther.
>I do sendmail for my customers just often enough to think I can learn
>it with enough staring at the bat book, but not often enough to get
>good at it. I am sickened by these spammers and resent them making
>me/us/you go through so many hoops. Cocksuckers.
>In the hopes that we can track down who did this, I'll annotate
>your notes:
>> There is definitely a Star Wars fan on the Sys Admin staff <grin>.
>That would be Rob. ;-)
>>I believe that I'm correct in assuming that this RL is bogus, since it
>>followed a From: line.
>>>Received: from (
>The "" is bogus, but the machine name in parens is correct.
>Our syslog entry for this message shows:
>>Feb 13 03:55:41 sendmail[15881]: DAA15881: \
>>	from=<somebody at>, size=7468, class=0, pri=607468,
>>	nrcpts=20, msgid=<199802131154.DAA15881 at>, proto=SMTP,
>> []
>This IP address traceroutes into what I believe is territory.
>The clock on obiwan is about four minutes slow in case you're trying to
>synchronize your logs. This weekend I'll get the time server running
>to make sure our clocks are accurate.
>Really, we're guilty of providing unknowing relay, but we did not 
>originate this spam. Thank you for your detailed report, and hopefully
>you'll not get any more trash from us again.
>Stephen J Friedl | Software Consultant | Tustin, CA |   +1 714 544-6561
>3B2-kind-of-guy  | I speak for me only |   KA8CMY   | friedl at
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail:		mailto:rmeyer at
Personalweb pages:
Company web-site:
Watch for the SecureMail system at MHSC.NET

More information about the samba mailing list