Security Incidents mailing list archives
Re: Fishing for open relays
From: Brett Glass <brett () LARIAT ORG>
Date: Wed, 1 Nov 2000 11:56:40 -0700
It appears that a spammer is conducting relay tests from his or her DSL line. S/he is looking at the SMTP responses and may also be using a "throw-away" Webmail account to "catch" successfully relayed mail from the test. If s/he's smart, s/he is only attempting to send mail to the Webmail account if the server appears to have accepted the address for relaying. The correct course of action is to complain to the DSL provider, who should find this to be ample grounds to terminate the account.

--Brett Glass

At 04:42 PM 10/31/2000, John Pettitt wrote:
Anybody else been seeing this? I've been getting a lot of "relay tests" of late; some look legit (AOL seems to be scanning for open relays) and some like this one look bogus (why would joymail.com use a pac-bell DSL account?)

John

Date: Tue, 31 Oct 2000 15:35:09 -0800 (PST)
Subject: Postfix SMTP server: errors from adsl-216-102-218-162.dsl.snfc21.pacbell.net[216.102.218.162]

Transcript of session follows.

Out: 220 gatekeeper.cloudview.com ESMTP Postfix
In: HELO Scanner
Out: 250 gatekeeper.cloudview.com
In: MAIL FROM: abusecheck () joymail com
Out: 250 Ok
In: RCPT TO: mailservers () joymail com
Out: 554 <mailservers () joymail com>: Recipient address rejected: Relay access denied

Session aborted, reason: lost connection

John Pettitt
Email: jpp () cloudview com

To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
To the plumber, any liquid in the glass is potential income.

PGP keys on MIT & pgp.com servers.
Fingerprint: 81B5 446D 3E0E 1CDE 5A45 644A A744 54C4 7886 3658
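
One way to flag sessions like the one quoted above when triaging Postfix error transcripts, added here as an example and not part of either poster's message. The host names, addresses and the `local_domains` set are constructed assumptions; the sample follows the "In:/Out:" layout of the quoted transcript.

```python
import re

# Constructed sample, modelled on the transcript layout quoted in the thread.
SAMPLE = """\
Out: 220 mx.example.net ESMTP Postfix
In: HELO Scanner
Out: 250 mx.example.net
In: MAIL FROM: <probe@tester.example>
Out: 250 Ok
In: RCPT TO: <catch@tester.example>
Out: 554 <catch@tester.example>: Recipient address rejected: Relay access denied
"""

# Envelope commands; captures the command name and the address domain.
ADDR = re.compile(r"(MAIL FROM|RCPT TO):\s*<?[^<>\s@]+@([^<>\s]+?)>?\s*$", re.I)

def classify_session(transcript, local_domains):
    """Pair each envelope command with the server reply that follows it and
    report whether the session tried to relay through this server."""
    sender_dom, rcpts, pending = None, [], None
    for line in transcript.splitlines():
        direction, _, text = line.partition(":")
        direction, text = direction.strip(), text.strip()
        if direction == "In":
            m = ADDR.match(text)
            pending = (m.group(1).upper(), m.group(2).lower()) if m else None
        elif direction == "Out" and pending:
            kind, dom = pending
            if kind == "MAIL FROM":
                sender_dom = dom
            else:
                rcpts.append((dom, text[:3]))  # (recipient domain, reply code)
            pending = None
    # A relay attempt: neither sender nor recipient belongs to this server.
    foreign = [(d, c) for d, c in rcpts if d not in local_domains]
    return {
        "relay_attempt": bool(foreign) and sender_dom not in local_domains,
        "relayed": any(c.startswith("2") for _, c in foreign),  # server is open
        "denied": any(c.startswith("5") for _, c in foreign),   # server refused
    }

if __name__ == "__main__":
    print(classify_session(SAMPLE, {"example.net"}))
```

A session reported with `relayed` set means the server accepted a foreign-to-foreign recipient and its relay restrictions need fixing; `denied` alone means the probe failed, and the source address is what goes in a complaint to the provider.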