Found this in our mail server logs:

relay=OWNED.HACKED.BITE.ME [IP removed], reject=550 5.7.1 No mail accepted from known spam hosts or exploited systems

This was a connection we rejected because the sending IP was on the Spamhaus XBL list of exploited systems. (Everything from reject on is the error message we returned.) Apparently whoever wrote the spam tool decided to advertise that fact when sending mail.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.