Three NameServer DOSing my <dns1>

Michelle Konzack linux4michelle at tamay-dogan.net
Thu Jul 29 18:11:26 UTC 2010


Hello Matus UHLAR - fantomas,

On 2010-07-29 19:37:50, you hacked down the following:
> apparently internal_networks set up incorrectly?

No, it is the problem if a customer connects through a VPN to the router of
the employer/enterprise and sends out messages using the company's own
mail relay and from there it comes to me to the rest of the world

Note:  My customers are in my network through FTTH.

> I see the name "michelle1.private.tamay-dogan.net" in two headers:
> 
> Received: from michelle1.private.tamay-dogan.net
>         (router.private.tamay-dogan.net [::ffff:192.168.0.65])
>         (AUTH: LOGIN michelle.konzack)
>         by mail.tamay-dogan.net with esmtp; Thu, 29 Jul 2010 19:16:29 +0200
>         id 0002C6F8.4C51B76D.000055D9
> Received: by michelle1.private.tamay-dogan.net (sSMTP sendmail emulation);
>         Thu, 29 Jul 2010 19:16:28 +0200

This is because <192.168.0.65> is the gateway of my private /26 network
which is NATed and is connected directly on my router.

> Note that I'm just guessing and it's apparently not spamassassin. However
> there are many spam filters deeply parsing headers and some quite
> incorrectly.
> 
> I think you are on spamassassin-users mailing list and you could remember
> that problems with deeply parsed headers on some mailservers are mentioned
> there quite often.

I know the threads...

> header causes some filters try to resolve your hostname. You can try using
> msmtp or similar smtp client to see if it helps.

Already tried.  It is always the same and RFC conform. :-D

> I know because I've seen your posts on courier-users mailing list too.
> Actually I even know you are debian user, guess why :-)

hehehe

> Your hostname is private and inaccessible from the outside. The requesters
> get SERVFAIL reply which apparently makes them retry. If you provided them
> any IP address (e.g. 127.0.0.1) they could be satisfied and stop trying
> (until the cached record expires). You can try this if it makes you angry.

I have removed the REJECT and immediately gotten over 7000 MAILER-DAEMON
errors from around the world and these idiots are attaching WHOLE
messages including attachments to it.

99% are MAILER-DAEMON messages due to faked From: using <linux4michelle>.

Also the tries from <dtag.de>, <t-dialin.net> and <arcor-ip.de> are
mostly MAILER-DAEMON spam.

Tomorrow I will call the "Deutsche Telekom" directly in Offenburg/Germany
since I am angry and I like to bother them.  They should be a little bit
busy like me.  :-D

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems at tdnet France EURL       itsystems at tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle at jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
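
Added example, not part of the original message: a check a mail operator could run over a message's Received headers to find hops that expose internal hostnames or RFC 1918 addresses, as the two headers quoted in this thread do. The function names, the internal zone list and the first hop (mx.example.net, mail.example.org, 192.0.2.10) are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Hops 1 and 2 are the Received headers quoted in the thread; hop 0, the
# Subject line and the body are constructed placeholders for contrast.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
        by mail.example.org with esmtp; Thu, 29 Jul 2010 19:16:30 +0200
Received: from michelle1.private.tamay-dogan.net
        (router.private.tamay-dogan.net [::ffff:192.168.0.65])
        (AUTH: LOGIN michelle.konzack)
        by mail.tamay-dogan.net with esmtp; Thu, 29 Jul 2010 19:16:29 +0200
        id 0002C6F8.4C51B76D.000055D9
Received: by michelle1.private.tamay-dogan.net (sSMTP sendmail emulation);
        Thu, 29 Jul 2010 19:16:28 +0200
Subject: constructed test message

body
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)|\(([A-Za-z0-9.-]+)\s+\[")
ADDR_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def is_rfc1918(text):
    """True if text is an RFC 1918 address, plain or IPv4-mapped (::ffff:a.b.c.d)."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return ip.version == 4 and any(ip in net for net in RFC1918)

def internal_leaks(raw_message, internal_zones):
    """Return (hop, value) pairs for hops exposing internal names or addresses."""
    msg = email.message_from_string(raw_message)
    found = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        hosts = {h.lower().rstrip(".")
                 for m in HOST_RE.finditer(value) for h in m.groups() if h}
        for host in sorted(hosts):
            if any(host == z or host.endswith("." + z) for z in internal_zones):
                found.append((hop, host))
        found += [(hop, a) for a in ADDR_RE.findall(value) if is_rfc1918(a)]
    return found
```

Called as `internal_leaks(SAMPLE, ("private.tamay-dogan.net",))`, it reports hops 1 and 2, which are the names remote filters would try, and fail, to resolve.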