Security Incidents mailing list archives

Fishing for open relays

From: John Pettitt <jpp () CLOUDVIEW COM>
Date: Tue, 31 Oct 2000 17:42:40 -0600

Anybody else been seeing this?  I've been getting a lot of "relay tests" of
late some look legit (AOL seems to be scanning for open relays) and some
like this one look bogus (why would joymail.com use a pac-bell DSL account?)

John

Date: Tue, 31 Oct 2000 15:35:09 -0800 (PST)
Subject: Postfix SMTP server: errors from
adsl-216-102-218-162.dsl.snfc21.pacbell.net[216.102.218.162]

Transcript of session follows.

 Out: 220 gatekeeper.cloudview.com ESMTP Postfix
 In:  HELO Scanner
 Out: 250 gatekeeper.cloudview.com
 In:  MAIL FROM: abusecheck () joymail com
 Out: 250 Ok
 In:  RCPT TO: mailservers () joymail com
 Out: 554 <mailservers () joymail com>: Recipient address rejected: Relay access
     denied

Session aborted, reason: lost connection



John Pettitt                                     Email: jpp () cloudview com

To the optimist, the glass is half full.
To the pessimist, the glass is half empty.
To the engineer, the glass is twice as big as it needs to be.
To the plumber, any liquid in the glass is potential income.

PGP keys on MIT & pgp.com servers.
Fingerprint: 81B5 446D 3E0E 1CDE 5A45  644A A744 54C4 7886 3658

Current thread:

Fishing for open relays John Pettitt (Nov 02)
- <Possible follow-ups>
- Re: Fishing for open relays Brett Glass (Nov 05)