Looking through email logs for this week, I noticed someone attempted to send email from IP address 211.32.91.234 to an email list on the system that I invalidated over a month ago. The email was coming from an IP address that appears to belong to a South Korean Internet Service Provider (ISP), which was suspicious, sine the address was only supposed to be known by 4 to 5 people in an office of an organization in the U.S. The office was closed down at the end of last year.
The email was blocked because the sending IP address was on a blacklist that I use to curtail spam coming into the email server. When I checked the IP address against other blacklists, I found it was present on several lists. The system may be running an open SOCKS proxy service.
[ More Info ]
