Re: Fishing for open relays

[Brett Glass <brett () LARIAT ORG>]

It appears that a spammer is conducting relay tests from his or
her DSL line. S/he is looking at the SMTP responses and may
also be using a "throw-away" Webmail account to "catch"
successfully relayed mail from the test. If s/he's smart, s/he
is only attempting to send mail to the Webmail account if the
server appears to have accepted the address for relaying.

The correct course of action is to complain to the DSL provider,
who should find this to be ample grounds to terminate the
account.

--Brett Glass

At 04:42 PM 10/31/2000, John Pettitt wrote:

> Anybody else been seeing this?  I've been getting a lot of "relay tests" of
> late some look legit (AOL seems to be scanning for open relays) and some
> like this one look bogus (why would joymail.com use a pac-bell DSL account?)
>
> John
>
>
> > Date: Tue, 31 Oct 2000 15:35:09 -0800 (PST)
> > Subject: Postfix SMTP server: errors from
> > adsl-216-102-218-162.dsl.snfc21.pacbell.net[216.102.218.162]
> >
> > Transcript of session follows.
> >
> > Out: 220 gatekeeper.cloudview.com ESMTP Postfix
> > In:  HELO Scanner
> > Out: 250 gatekeeper.cloudview.com
> > In:  MAIL FROM: abusecheck () joymail com
> > Out: 250 Ok
> > In:  RCPT TO: mailservers () joymail com
> > Out: 554 <mailservers () joymail com>: Recipient address rejected: Relay access
> >     denied
> >
> > Session aborted, reason: lost connection
>
>
> John Pettitt                                     Email: jpp () cloudview com
>
> To the optimist, the glass is half full.
> To the pessimist, the glass is half empty.
> To the engineer, the glass is twice as big as it needs to be.
> To the plumber, any liquid in the glass is potential income.
>
> PGP keys on MIT & pgp.com servers.
> Fingerprint: 81B5 446D 3E0E 1CDE 5A45  644A A744 54C4 7886 3658