Web Hosting Talk







someone tried to use my server as mail relay for sending spam


Macphisto
10-01-2001, 04:29 PM
I don't know how the person got my server name/IP, since the server has only been online for a few days ...

Anyway, someone attempted to use my server to send spam. I noticed this today while checking my Exim rejectlog. There are 5 attempts sending around 50 mails from 2 different mail accounts each time.
Exim logged the sender IP in the rejectlog. Can anyone tell me where I can report this abuse? abuse@maildomains and/or tracing the source IP and also notifying the dial-up provider?
I haven't reported such things before so my question may sound stupid ...

Any help is really appreciated.

thank you,
Matthias

Fremont Servers
10-01-2001, 05:07 PM
Why don't you set mail relay to "require authorization"?

It happened to me before when I set "open" on mail relay.
Now, I put it to require authorization.

edwow
10-02-2001, 03:45 AM
SMTP spam is common these days. An attacker can easily scan for open relay SMTP ports and spam from those addresses.

This is one reason we are really strict with our SMTP server. You can either allow mail relay to certain IP addresses, or if your mail server permits, assign username/password for SMTP authentication.

Patch your SMTP ASAP. Believe me, you don't want to be in a blackhole list :)

Macphisto
10-02-2001, 03:53 AM
The relay was already closed. This is my first box which is really on the net and I closed relay until I work out how the authentication works. I just assumed such abuse attempts should be reported somewhere, or is this useless?

Any hints how to configure authentication on Debian Exim/qpopper are welcome ;)

Matthias

Dexter
10-02-2001, 10:26 AM
Well, if you have the IP you can attempt to trace the user down, but I've found 99.9% of the time the spammers use free AOL dialup time to do their spam, so it's completely a waste of time to report it.

But of course if the IP points to a high speed provider like @home, etc., then it might be worth the time to report. Since these are more static it'll be easier to track down, and they are more inclined to actually try to stop spammers because it does abuse their bandwidth.
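
Added example, not part of the original thread: a Python version of the reject-log check the first post describes, grouping refused relay attempts by source IP so the addresses worth reporting stand out. The log lines are constructed and assume Exim 4 style `rejected RCPT ... relay not permitted` entries (other Exim versions log refusals differently); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed Exim 4 style reject entries, documentation IPs).
SAMPLE_LOG = """\
2001-10-01 14:02:11 H=(mx.example) [192.0.2.10] F=<promo1@example.org> rejected RCPT <a@example.net>: relay not permitted
2001-10-01 14:02:12 H=(mx.example) [192.0.2.10] F=<promo1@example.org> rejected RCPT <b@example.net>: relay not permitted
2001-10-01 14:07:40 H=(mx.example) [192.0.2.10] F=<promo2@example.org> rejected RCPT <c@example.net>: relay not permitted
2001-10-01 15:30:05 H=dialup.example [198.51.100.7] F=<x@example.com> rejected RCPT <d@example.net>: relay not permitted
2001-10-01 15:31:00 H=(foo) [198.51.100.7] F=<> rejected RCPT <nobody@local.example>: Unknown user
"""

# timestamp, bracketed source IP (v4 or v6), envelope sender, recipient, reason
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r".*?\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*?F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>: "
    r"(?P<reason>.*)$"
)

def summarize_relay_attempts(log_text):
    """Group 'relay not permitted' rejections by source IP."""
    hosts = defaultdict(
        lambda: {"count": 0, "senders": set(), "first": None, "last": None}
    )
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        # Skip unparsable lines and rejections for other reasons (e.g. unknown user).
        if not m or "relay not permitted" not in m["reason"].lower():
            continue
        h = hosts[m["ip"]]
        h["count"] += 1
        h["senders"].add(m["sender"])
        h["first"] = h["first"] or m["ts"]   # keep the earliest timestamp seen
        h["last"] = m["ts"]                  # log is chronological, so last wins
    return dict(hosts)

def format_report(summary):
    """One line per source IP, busiest first, suitable for an abuse report."""
    rows = sorted(summary.items(), key=lambda kv: kv[1]["count"], reverse=True)
    return [
        f"{ip}: {h['count']} refused relay attempts, "
        f"{len(h['senders'])} sender(s), {h['first']} to {h['last']}"
        for ip, h in rows
    ]

if __name__ == "__main__":
    print("\n".join(format_report(summarize_relay_attempts(SAMPLE_LOG))))
```

Abuse desks generally need the source IP together with exact timestamps and the server's time zone to match an address to a customer, which is why the first and last times are kept per IP.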