Security Incidents mailing list archives

SMTP harrasment by nie2.infomail.es?

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Sat, 23 Nov 2002 13:13:36 +0100 (CET)

Hi,

Over the months I get burst of SMTP attempts from nie2.infomail.es that 
seem to indicate a broken SMTP server.

I reject email from them ever since complaints about spam were bounced as 
critical users like postmaster were not present.

However them seem to ignore the SMTP specs and resend messages for a 
period untill they give up. As shown in a sample of my log for the last 
60 minutes alone:

Nov 23 11:47:15 ultra1 sendmail[17464]: gANAlF517464: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:03:03 ultra1 sendmail[17877]: gANB33517877: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:14:11 ultra1 sendmail[18492]: gANBEB518492: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:27:45 ultra1 sendmail[18724]: gANBRj518724: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:44:06 ultra1 sendmail[19010]: gANBi6519010: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms

Could someone verify this? 

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

SMTP harrasment by nie2.infomail.es? Hugo van der Kooij (Nov 25)
- Re: SMTP harrasment by nie2.infomail.es? jrlpop () mail portland co uk (Nov 26)