Complaint about spam originating from my server - tor-relays

13 Dec 2012


      Hello all,
  I follow the guide for avoiding abuse notices, and generally I only
get 1/year of the DMCA variety. However, I recently received this
complaint, which appears to show spam originating from my Tor server
(209.188.113.101 / tor-proxy.anfani.com). As far as I know, port 25 is
blocked on my exit policy. Port 587 is allowed. I do have a mail server
running on this machine, but it does not accept outside connections.
Is there something I am missing? Is there anything else I should do to
prevent this in the future? Could there be some way that a Tor user
could locally send mail using my server?
Thanks,
  --Brock
-------- Original Message --------
Subject: 	RES: Fwd: Olá
Date: 	Thu, 13 Dec 2012 14:41:22 +0000 (UTC)
From: 	abuse@terra.com.br
To: 	Luis Barzon barzon@terra.com.br
CC: 	network-abuse@cc.yahoo-inc.com, brock@anfani.com
Prezado Usuário,
O Departamento de Abuse do Terra trabalha seriamente para proteger seus
assinantes contra abusos cometidos por terceiros. Nosso objetivo é
proporcionar segurança aos nossos Clientes, evitando e impedindo o mau
uso da Internet, através dos servidores Terra.
Em relação a sua reclamação, informamos que após análise, identificamos
que o responsável não pertence ao Terra.Nesses casos identificamos o
administrador e encaminhamos a incidência para a devida tratativa.
Salientamos que as devidas ações corretivas passam a ser de
responsabilidade do administrador da rede identificada.
Para o seu conhecimento, o endereço de contato que encaminhamos a
incidência é: network-abuse@cc.yahoo-inc.com
mailto:network-abuse@cc.yahoo-inc.com, brock@anfani.com
mailto:brock@anfani.com
Atenciosamente,
Rafael Doyle
Equipe de Segurança Terra - Depto. de Abuse
abuse@terra.com.br mailto:abuse@terra.com.br
SAN - Servico de Atendimento Nacional
Fax: (51) 3287-9087
------------ Mensagem Original ------------
*De:* Luis Barzon [barzon@terra.com.br];abuse@terra.com.br
*Enviada em:* 11/12/2012 15:15:49
*Para:* abuse@terra.com.br
*Assunto:* Fwd: Olá
=?iso-8859-1?Q?
Return-Path:_web02689@att.net
received:_from_[10.235.200.103]_by_preston.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:19_+0000_(UTC)
received:_from_if00-mail-sr03-mia.mta.terra.com_(if00-mail-sr03-mia.mta.terra.com_[208.84.243.10])_by_1n7.tpn.terra.com_(Postfix)_with_ESMTP_id_C790122CC_for_barzon@terra.com.br;_Tue,_11_Dec_2012_12:26:18_+0000_(UTC)
received:_from_ochaua.tpn.terra.com_(unknown_[10.235.200.126])_by_mail-sr03-mia.tpn.terra.com_(Postfix)_with_ESMTP_id_190696002271_for_barzon@terra.com.br;_Tue,_11_Dec_2012_12:26:16_+0000_(UTC)
received:_by_ochaua.tpn.terra.com_(Postfix,_from_userid_520)_id_17A1D229EFAAC;_Tue,_11_Dec_2012_12:26:16_+0000_(UTC)
received:_from_[10.235.200.97]_by_ochaua.tpn.terra.com_(LMTP);_Tue,_11_Dec_2012_12:26:15_+0000_(UTC)
received:_from_nm17-vm0.bullet.mail.gq1.yahoo.com_(nm17-vm0.bullet.mail.gq1.yahoo.com_[98.137.177.224])_by_1j4.tpn.terra.com_(Postfix)_with_ESMTP_id_5A96DC0000DFA_for_waleria.luis@itelefonica.com.br;_Tue,_11_Dec_2012_12:25:02_+0000_(UTC)
received:_from_[98.137.12.55]_by_nm17.bullet.mail.gq1.yahoo.com_with_NNFMP;_11_Dec_2012_11:54:56_-0000
received:_from_[98.139.44.79]_by_tm15.bullet.mail.gq1.yahoo.com_with_NNFMP;_11_Dec_2012_11:54:56_-0000
received:_from_[127.0.0.1]_by_omp1016.access.mail.sp2.yahoo.com_with_NNFMP;_11_Dec_2012_11:54:56_-0000
received:_(qmail_60874_invoked_by_uid_60001);_11_Dec_2012_11:54:56_-0000
received:_from_[209.188.113.101]_by_web184904.mail.gq1.yahoo.com_via_HTTP;_Tue,_11_Dec_2012_03:54:56_PST
X-Terra-Karma:_0%
X-Terra-Hash:_5d0acc65d08e1a21e9e416133fc07644
X-Terra-Delivered-To:_6972688#perm!vivodiscbrlm
X-Yahoo-Newman-Property:_ymail-3
X-Yahoo-Newman-Id:_716919.82230.bm@omp1016.access.mail.sp2.yahoo.com
Dkim-Signature:_v=1;_a=rsa-sha256;_c=relaxed/relaxed;_d=att.net;_s=s1024;_t=1355226896;_bh=7Ocy5nwKIISVUmGV43vB0i1iNVN39I1mHkdz3VPVAFE=;_h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;_b=0eDgFzVzb+Is8oPpjwC7X7ykXEwP1vqK/KsMDuq6G031UGtMUoUEWjrbWvkP/tKStZS97RKSOYJIE1qQgMEGI20mvh9kdbTAlmoPjGwqaBIEYLmL9f7/Q1XCDiJm5cfPhFd/h5gn0ZUnCySIrkWtz2lBu8MGN1PMKASROPpG+40=
Domainkey-Signature:_a=rsa-sha1;_q=dns;_c=nofws;__s=s1024;_d=att.net;__h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;__b=k3zX4zTRmj4a+jDcq+hmrP16lkRdtgX/yE2X3sueOVGLvbhnzLcVv/BL36y5nKhGPVCRhAqLpgCTJcxtYlcPXwqGSioqqso+tTm2D3Erses151z2aE3O0Zh6h9rVPUC4dqpOa5hObz9Xk8JqvvhsL6iUEQ845+OhFclyx3dSvSE=;
X-Ymail-Osg:_bt8QfNYVM1k4GHRsx7y5pfUGNSY6POK5unpLV_C31c4vkp__wiUd09OX7vaDxaaiyySoyCgUEVGfXdTTl80vwJw6IPtOfHpuS0EG_l86Hxyx_vym.CY7gciAimFEEoWBpvWo7QWAwqsVQPv7soRtipZBxkFXCCX2PtUGsQrkI_XAOwfJggidaSr3gtWqG3UTWBq2ncBnZOKX2UrowDDWI_fxuExXmq34owVBCQ_iAnR3RdyhAULqzrDic5WJdJtZFxmDUM9x957AYKvCX7XZZU99Zo5w0w.QdCL_H.XFp1W_mqhW07Y_zSDOZovHJZoWZliXJFc3LZPbeRWhRjCPlm3UrJYKyY3m_s0LvztqJP_kN.xenaemuhGfD0tZLKwGJXKRWDTc7CkJ6MOscOeS.ByYdUxJG_LI4aoTrmi2UJfQ.bcOzn7eU5h3bzIx9qUJ5adHil_8M3SI5wE8LpDdkSZPJQ_7z7D_yRyQap1qel8fK_4sKScaeTDKEsSH31ZEBWQYwcmzZMvMOvxVETA.2RX_5fbK8QLeCADZ5cLQxBHhObi1.IYT0FMM37nUNfrZg1V2Tt0lWUn3kh8pP7jh_QCmg1y7vH0WwDGdDeKWhI07pf8z8e1NlEJ9Z1jTnISKVuHodZa5cpGOPssPG_7QePJvqaBTDLrc3uewNOvnj_e53jnQPEKCexdGBa5K.hMwmCJ79Otno5GXtp_Faro-
X-Rocket-Mimeinfo:_001.001,DQoNCk9sw6ENCgpCb20gdGUgY29uaGVjZXIsIEV1IHNvdSBNaXNzIEZsb3VyZW5jZSwgZXUgZ29zdGFyaWEgZGUgdMOqLWxvIGNvbW8gbWV1IGFtaWdvLCBwb3IgZmF2b3IsIHZvY8OqIHBvZGVyaWEgdm9sdGFyIHBhcmEgbWltIHBhcmEgbWFpcyBkZXRhbGhlcyBkbyBtZXUgZXUsIGUgdG9kb3MgdGFsdmV6IG5lY2Vzc8OhcmlvIGVtIHJlbGHDp8OjbyBpbmNsdXNpdmUgYSBtaW5oYSBpbWFnZW0sIHNlIGVzdGUgaW50ZXJlc3NlIHF1ZSB2b2PDqiB2b2x0YXIgcGFyYSBtaW0gLiBzZXUgRmxvdXJlbmNlLg0KCi4BMAEBAQE-
X-Mailer:_YahooMailClassic/15.1.1_YahooMailWebService/0.8.128.478
Message-Id:_1355226896.58713.YahooMailClassic@web184904.mail.gq1.yahoo.com
Date:_Tue,_11_Dec_2012_03:54:56_-0800_(PST)
From:_Fl_Dosi_web02689@att.net
Reply-To:_flourencedosi@yahoo.co.uk
Subject:_?= Olá
To:_undisclosed_recipients:_;
X-Clx-Rate-Response:_fh=1j4;_fi=10.235.200.250:2001;_rg=B;_GT=-934589197;_fs=45;_ns=164;_id=BFBwyXX6-BB122532k;_rv=7182/208.84.242.250:14051;_ts=H/Mq6;_gv=-25;_fp=IC46g;_gd=1;_fl=IAA;_ip=98.137.177.224;_he=NiDDbon0Jbq;_ht=1;_nt=0;_ho=Drk85SdDLJY;_hd=EmCVu0/pq3k;_hf=KuHCD1QD89G;_hF=EeGv2Nz5zhR;_hj=GOnAt8y/c4h;_hr=EiVSUfo4L9J;_ZM=KIpT9Tbxt6G;_ZB=GSe9x8zMeYG;_ZB=IKbBeAtS5zj;_ZB=Ei/hJgabWx3;_ZB=GJeEnTMQT26;_ZB=Mru7Qx7UNOT;_ZF=C5pWnNZauWE;_Zi=GVxvNHWVzGA;
X-Clx-Id:_a113GLF9X16I0VH-BB122538
X-Abaca-Is-Spam:_false
X-Abaca-Spam:_45
X-Terra-Client-Ip:_98.137.177.224
X-Milter-Version:_master.39-g1fd3ecd+
Content-Type:_multipart/alternative;_boundary="514226816-1910405447-1355226896=:58713"
X-Terra-Spam:_No
X-Terra-Rec-Key:_YmFyem9uQHRlcnJhLmNvbS5icg==
Mime-Version:_1.0
*
-----_Original_Message_-----
From:_Fl_Dosi_web02689@att.net
To:_undisclosed_recipients:_;
Cc:_
Sent:_Ter_11/12/12_08:54
Subject:_Fwd:_Olá
*
Olá
Bom_te_conhecer,_Eu_sou_Miss_Flourence,_eu_gostaria_de_tê-lo_como_meu_amigo,_por_favor,_você_poderia_voltar_para_mim_para_mais_detalhes_do_meu_eu,_e_todos_talvez_necessário_em_relação_inclusive_a_minha_imagem,_se_este_interesse_que_você_voltar_para_mim_._seu_Flourence.
..................................................................................
Hello
Nice_Meeting_You,_i_am_miss_Flourence,_i_wish_to_have_you_as_my_friend,_please_could_you_get_back_to_me_for_more_detail_of_my_self,_and_all_maybe_necessary_in_relationship_including_my_picture,_if_this_interest_you_get_back_to_me.yours_Flourence.