05-28-2009, 08:24 PM
Probed for open relay, One account being a catch all

So lately I've been getting random emails or spam to my Tech svc account.
It's kind of been acting like a catch all for some reason.
I want to know if this is caused by the Taiwan and Italy spam cannons?
The logs keep showing the same send to email *sseenndd1201@yahoo.com.hk* coming from different IPs and it's annoying me and I'm wondering if this is the reason why my tech svc account keeps getting spam but not my personal, admin or online only accounts.
Any way to stop them from probing my mail server?
And how can I stop my Tech Svc account from being a catch all?

Quote:
NOQUEUE: reject: RCPT from 123-204-201-194.adsl.dynamic.seed.net.tw[123.204.201.194]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
NOQUEUE: reject: RCPT from 123-204-201-194.adsl.dynamic.seed.net.tw[123.204.201.194]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
4F519DA04C1: to=<zimbra@>, relay=none, delay=0.19, delays=0.04/0.1/0/0.05, dsn=5.0.0, status=bounced (org)

Quote:
NOQUEUE: reject: RCPT from modemcable038.131-70-69.static.videotron.ca[69.70.131.38]: 554 5.7.1 <spamery@tiscali.it>: Relay access denied; from=<spamery@tiscali.it> to=<spamery@tiscali.it> proto=ESMTP helo=<serveur>
NOQUEUE: reject: RCPT from unknown[112.104.12.159]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
NOQUEUE: reject: RCPT from 123-204-166-108.adsl.dynamic.seed.net.tw[123.204.166.108]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
NOQUEUE: reject: RCPT from host-69-145-92-198.static.bresnan.net[69.145.92.198]: 554 5.7.1 <spamery@tiscali.it>: Relay access denied; from=<spamery@tiscali.it> to=<spamery@tiscali.it> proto=ESMTP helo=<server>

Quote:
299EADA04B3: to=<zimbra@org>, relay=none, delay=0.11, delays=0.02/0.03/0/0.06, dsn=5.0.0, status=bounced (.org)
299EADA04B3: sender non-delivery notification: 45149DA04B4
45149DA04B4: to=<zimbra@org>, relay=none, delay=0.04, delays=0.02/0.01/0/0.01, dsn=5.0.0, status=bounced (org)
NOQUEUE: reject: RCPT from 124-11-193-14.dynamic.tfn.net.tw[124.11.193.14]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<n5ff85y6jj@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
20AD0DA04B3: to=<zimbra@org>, relay=none, delay=0.1, delays=0.03/0.06/0/0.01, dsn=5.0.0, status=bounced (org)
20AD0DA04B3: sender non-delivery notification: 3BD6EDA04B4
3BD6EDA04B4: to=<zimbra@org>, relay=none, delay=0.03, delays=0.01/0.01/0/0, dsn=5.0.0, status=bounced (org)
NOQUEUE: reject: RCPT from 124-11-194-47.dynamic.tfn.net.tw[124.11.194.47]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<n5ff85y6jj@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
4B2AEDA04B5: to=<zimbra@org>, relay=none, delay=0.06, delays=0.04/0.01/0/0.01, dsn=5.0.0, status=bounced (org)
4B2AEDA04B5: sender non-delivery notification: 593F4DA04B6
593F4DA04B6: to=<zimbra@org>, relay=none, delay=0.05, delays=0.01/0/0/0.04, dsn=5.0.0, status=bounced (org)

Just a few for examples.
The spam messages from Tech Svc Account start off with this

Quote:
Put TOGI on your screen, and pay close attention !
Tornado Gold International Corp
Syml: TOGI
Current Value: $0.05
Short Term Tarrget: $0.55
Long Term Tarrget: $1.00
Industry: Gold Mining
Wednesday volume : 1M
Tuesday volume : 1.1M
Tornado Gold International Corp ( TOGI . PK ), an exploration stage company,
engages in the acquisition and exploration of mining prospects, primarily
gold in Nevada. The Company has interests in 16 properties, which comprise
of approximately 45,000 acres located in the North-Central Nevada area.
One of these properties, 'Illipah' is believed to contain up to 7ml ounces of
gold. TOGI has so far been able to extract 37,000 ounces of gold. Another property
is an exiting mine that was in production, but was forced to shut down due to
technological inefficiencies that now been resolved and production has begun
to commence once again.
We expect huge gains from new announcements this week.
We are giving TOGI our highest rating of 5 stars and stress to follow it closely.

and then have some sort of new snippets after it like this one for example.

Quote:
CNNs Flavia Taggiasco in Rome Italy and Alessio Vinci in Ankara contributed to this report
Copyright 2006 CNN All rights reservedThis material may not be published broadcast rewritten or
redistributed Associated Press contributed to this report
TAMPA Florida (CNN) -- Eight former employees of the Bay County Sheriffs
Office were charged Tuesday with aggravated manslaughter in the death of
a 14-year-old at a Florida boot camp for juvenile offenders
State Attorney Mark Ober said seven former guards and a nurse are accused of
causing the death of Martin Anderson by culpable negligence If convicted each could face up to 30 years in prison
Anderson collapsed January 5 at the sheriffs office Boot Camp program in Panama
City Florida He had complained of breathing difficulties while running around a

It's a weird way to spam, perhaps it's piggybacking another message or news update.
Last edited by Mad Professor : 05-28-2009 at 08:29 PM.
05-28-2009, 11:51 PM
Do you happen to use that account for mailing lists at all? If it was a *true* catch all account then you would probably have a lot more SPAM in it.

With respect to the second email you have posted then my assumption would be that the spammers are attempting to poison your Bayes.

If the SPAMs are always from the same email address then you have two choices:
1) Create a custom SA rule based on the address and score high
2) Have a look at the blacklist section in Improving Anti-spam system - Zimbra :: Wiki
05-29-2009, 02:17 PM
Quote:
Originally Posted by uxbod
Do you happen to use that account for mailing lists at all? If it was a *true* catch all account then you would probably have a lot more SPAM in it

Nope, strictly a client to tech base. I set this account up a while ago but I haven't started using it yet, so my email address hasn't been given out to anybody and/or only 1 or 2 people I know have it.

Quote:
Originally Posted by uxbod
With respect to the second email you have posted then my assumption would be that the spammers are attempting to poison your Bayes.

I'm not familiar with that term, please enlighten me.

Quote:
Originally Posted by uxbod
If the SPAMs are always from the same email address then you have two choices 1) Create a custom SA rule based on the address and score high 2) Have a look at the blacklist section in Improving Anti-spam system - Zimbra :: Wiki

Well that's the problem, all the messages are trying to get to "sseenndd1201@yahoo.com.hk" but they are coming from different domains and IPs.
But I'll take a look at the wiki and see what I can do.
Last edited by Mad Professor : 05-29-2009 at 02:26 PM.
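
The pattern discussed in this thread (one external recipient targeted from many client IPs, each attempt refused with `554 5.7.1 Relay access denied`) can be tallied straight from the Postfix log. The Python below is an added example, not part of the original posts or of Zimbra; the function names are hypothetical and the sample lines are copied from the excerpts quoted above.

```python
import re
from collections import defaultdict

# Matches Postfix smtpd relay rejections in the form quoted in the thread.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"554 5\.7\.1 <[^>]*>: Relay access denied; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Sample input: five rejections and one bounce line, copied from the thread.
SAMPLE_LOG = """\
NOQUEUE: reject: RCPT from modemcable038.131-70-69.static.videotron.ca[69.70.131.38]: 554 5.7.1 <spamery@tiscali.it>: Relay access denied; from=<spamery@tiscali.it> to=<spamery@tiscali.it> proto=ESMTP helo=<serveur>
NOQUEUE: reject: RCPT from unknown[112.104.12.159]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
NOQUEUE: reject: RCPT from 123-204-166-108.adsl.dynamic.seed.net.tw[123.204.166.108]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<uj6l9gh8k5w@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
NOQUEUE: reject: RCPT from host-69-145-92-198.static.bresnan.net[69.145.92.198]: 554 5.7.1 <spamery@tiscali.it>: Relay access denied; from=<spamery@tiscali.it> to=<spamery@tiscali.it> proto=ESMTP helo=<server>
299EADA04B3: to=<zimbra@org>, relay=none, delay=0.11, delays=0.02/0.03/0/0.06, dsn=5.0.0, status=bounced (.org)
NOQUEUE: reject: RCPT from 124-11-193-14.dynamic.tfn.net.tw[124.11.193.14]: 554 5.7.1 <sseenndd1201@yahoo.com.hk>: Relay access denied; from=<n5ff85y6jj@yahoo.com> to=<sseenndd1201@yahoo.com.hk> proto=SMTP helo=<>
"""

def summarize_relay_probes(log_text):
    """Group rejected relay attempts by the external recipient they targeted."""
    summary = defaultdict(lambda: {"count": 0, "ips": set(), "senders": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)  # search() tolerates a syslog prefix
        if not m:
            continue  # bounces and other queue activity are not relay attempts
        entry = summary[m["rcpt"]]
        entry["count"] += 1
        entry["ips"].add(m["ip"])
        entry["senders"].add(m["sender"])
    return dict(summary)

def distributed_probes(summary, min_ips=2):
    """Recipients that were probed from at least min_ips distinct client IPs."""
    return sorted(r for r, e in summary.items() if len(e["ips"]) >= min_ips)

if __name__ == "__main__":
    for rcpt, e in summarize_relay_probes(SAMPLE_LOG).items():
        print(f"{rcpt}: {e['count']} rejected, {len(e['ips'])} client IPs, "
              f"{len(e['senders'])} envelope senders")
```

Every line the regex matches is an attempt the server already refused, so a recipient with many client IPs in this summary shows distributed probing that the relay restriction is turning away, which per-IP blocking would not cover.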