nanog mailing list archives

"RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)


From: "Ryan K. Brooks" <ryan () inc net>
Date: Tue, 23 Jun 1998 10:57:28 -0500

Had a new box on the net for all of two hours, and this pops up on in my
maillog:

Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250
<relayfinder () fnord net>... Sender ok": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250
<relayfinder () fnord net>... Recipient ok": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "354 Enter
mail, end with "." on a line by itself": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: from=<relayfinder () fnord net>,
size=81, class=0, pri=30081, nrcpts=1, msgid=<199806230318.WAA00509@<MY
FQDN WAS HERE>>, proto=SMTP, relay=autumn.news.erols.com [207.172.3.57]
Jun 22 22:18:41 x sendmail[509]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250 WAA00509
Message accepted for delivery": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "503 Need MAIL
before RCPT": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "503 Need MAIL
command": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-Scan-Time: 898571908"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-CIDR-Block: <MY /16 WAS HERE>"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-Relay-Address: <MY IP ADDR WAS HERE>"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "."": Broken pipe
Jun 22 22:19:57 x sendmail[511]: WAA00509: to=<relayfinder () fnord net>,
delay=00:01:16, xdelay=00:01:16, mailer=esmtp, relay=luser.oneill.net.
[207.96.89.34], stat=Deferred: Operation timed out with
luser.oneill.net.

It looks to me like someone on the host at erols tried to relay through
me, and then mail the potential results to themselves at fnord.net
(relayed via oneill.net).

Is someone attempting to perform a community service here and scan the
entire Internet for relays, or are they collecting relays for evil
purposes?  I can see it now;  buy "10 million relay sites on a cdrom for
$9.99".

Ryan Brooks
ryan () inc net




Current thread: