Security Incidents mailing list archives
Re: FW: Postmaster notify: User unknown
From: Jim Roland <jroland () ROLAND NET>
Date: Tue, 19 Dec 2000 13:15:24 -0600
Not entirely odd. A frequent trick of spammers is to "test" a system first to see if it's an open relay. If it attempts to pass an email through an open relay (returning 550 errors for a domain that you're not a part of, and you're not authenticated on the mail server), then you have an open relay. Lock your system down before you see real traffic get relayed.

----- Original Message -----
From: "Nexus" <nexus () PATROL I-WAY CO UK>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, December 19, 2000 2:42 AM
Subject: Re: FW: Postmaster notify: User unknown

Hi folks,

Could be a brute force attempt to enumerate valid usernames, or maybe something silly like that - do you have the full, original SMTP header at all? i.e. they may have been playing with the reply to: field and the like. That would be very useful in trying to establish what has occurred. It is odd that you rec'd a bounced mail from a hotmail address.

Regards,
JJ

----- Original Message -----
From: "Paul Snedden" <psnedden () GBMLOGIC COM AU>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, December 19, 2000 1:14 AM
Subject: FW: Postmaster notify: User unknown

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

This mail appeared in my Inbox last Friday morning. I present this unto you all for your evaluation and recommendation. I believe an intruder has accessed my email server for their own purposes. Am I correct?

-----Original Message-----
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON () nsw gbmlogic com au]
Sent: Thursday, December 14, 2000 9:53 PM
To: postmaster () nsw gbmlogic com au
Subject: Postmaster notify: User unknown

The original message was received at Thu, 14 Dec 2000 21:53:06 +1100
from localhost

----- The following addresses had permanent fatal errors -----
<davidputty12 () hotmail com>

----- Transcript of session follows -----
... while talking to mc5.law5.hotmail.com.:
RCPT To:<davidputty12 () hotmail com>
<<< 550 Requested action not taken:user account inactive
550 <davidputty12 () hotmail com>... User unknown

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use <http://www.pgpinternational.com>

iQA/AwUBOj4p0Xz2HXQUsCJOEQKSMgCgnY0fIToqS2kPqXjbdEZEQ2EXESUAoMm5
SQA//mRJpICpBtF8uBuXY0wh
=OZhA
-----END PGP SIGNATURE-----

____________________________________________
http://1cis.com
Free E-mail Servers with unlimited mailboxes
1st Class Internet Solutions
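
An added example, not part of the original thread: a log check for the situation discussed above, where a mail server accepts a message from an outside client and sends it on to a non-local recipient. The sendmail-style log lines are constructed, and `LOCAL_DOMAINS` and `TRUSTED_NETS` are assumed values to replace with your own.

```python
import ipaddress
import re

# Assumptions for this example (not from the thread): local domains and trusted networks.
LOCAL_DOMAINS = {"example.com.au"}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

# Constructed sendmail-style syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Dec 14 21:53:01 mx sendmail[811]: eBEAr1x00811: from=<probe@example.net>, size=412, class=0, nrcpts=1, proto=SMTP, relay=host.example.net [198.51.100.7]
Dec 14 21:53:06 mx sendmail[813]: eBEAr1x00811: to=<someone@example.org>, delay=00:00:05, mailer=esmtp, relay=mx.example.org. [203.0.113.9], stat=User unknown
Dec 14 21:54:10 mx sendmail[820]: eBEAs2x00820: from=<alice@example.org>, size=900, class=0, nrcpts=1, proto=SMTP, relay=mail.example.org [203.0.113.20]
Dec 14 21:54:11 mx sendmail[821]: eBEAs2x00820: to=<bob@example.com.au>, delay=00:00:01, mailer=local, stat=Sent
Dec 14 21:55:00 mx sendmail[830]: eBEAt3x00830: from=<carol@example.com.au>, size=700, class=0, nrcpts=1, proto=ESMTP, relay=pc7.example.com.au [192.0.2.44]
Dec 14 21:55:02 mx sendmail[831]: eBEAt3x00830: to=<dave@example.net>, delay=00:00:02, mailer=esmtp, relay=mx.example.net. [198.51.100.25], stat=Sent
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=<([^>]*)>(.*)")
IP_RE = re.compile(r"relay=[^,]*\[([0-9.]+)\]")

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)

def find_relayed(log_text):
    """Return (queue_id, client_ip, recipient, stat) for mail that an untrusted
    client handed us for a non-local recipient, i.e. mail we relayed."""
    senders, hits = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, kind, addr, rest = m.groups()
        if kind == "from":
            ip = IP_RE.search(rest)
            senders[qid] = ip.group(1) if ip else None  # None: no client IP logged
            continue
        client_ip = senders.get(qid)  # pair the delivery line with its "from" line
        domain = addr.rpartition("@")[2].lower()
        if client_ip and not is_trusted(client_ip) and domain not in LOCAL_DOMAINS:
            stat = rest.rsplit("stat=", 1)[-1].strip()
            hits.append((qid, client_ip, addr, stat))
    return hits

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG):
        print("relayed for untrusted client:", hit)
```

Mail submitted locally (no client IP logged, or a loopback address) is not flagged by this check, so a message logged as received from localhost calls for a separate look at what on the host generated it.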