Security Incidents mailing list archives

RE: Excess SMTP traffic to non-mail host

From: "NESTING, DAVID M (SBCSI)" <dn3723 () sbc com>
Date: Wed, 27 Mar 2002 10:51:11 -0600

Keep in mind that a steady, constant flow of e-mail traffic, depending upon
the configuration of the originating MTA, could show a steady increase in
the number of connections, since a transient SMTP error will result in
periodic retries.

It almost sounds like some spammers got ahold of an "open relay" list that
indicated (incorrectly, apparently) that this IP address was an open relay.

David

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Excess SMTP traffic to non-mail host Basil Hussain (Mar 27)
- Re: Excess SMTP traffic to non-mail host dr john halewood (Mar 27)
- Re: Excess SMTP traffic to non-mail host Chris Wilkes (Mar 27)
- <Possible follow-ups>
- RE: Excess SMTP traffic to non-mail host NESTING, DAVID M (SBCSI) (Mar 27)