Security Incidents mailing list archives

Re: SMTP harassment by nie2.infomail.es?


From: "jrlpop () mail portland co uk" <jrlpop () mail portland co uk>
Date: Tue, 26 Nov 2002 08:58:32 +0100

Hugo van der Kooij wrote:

Hi,

Over the months I get bursts of SMTP attempts from nie2.infomail.es that seem to indicate a broken SMTP server.

I reject email from them ever since complaints about spam were bounced as critical users like postmaster were not present.

However they seem to ignore the SMTP specs and resend messages for a period until they give up. As shown in a sample of my log for the last 60 minutes alone:

Nov 23 11:47:15 ultra1 sendmail[17464]: gANAlF517464: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:03:03 ultra1 sendmail[17877]: gANB33517877: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:14:11 ultra1 sendmail[18492]: gANBEB518492: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:27:45 ultra1 sendmail[18724]: gANBRj518724: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:44:06 ultra1 sendmail[19010]: gANBi6519010: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, 
relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also 
http://hvdkooij.xs4all.nl/email.cms

Could someone verify this?
Hugo.

Try reading the specs yourself :-) and change the error code from 570 to 550. This might work better. See ftp://ftp.isi.edu/in-notes/rfc821.txt for why.
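
The check discussed in this thread, as an added example that is not part of either poster's message: it parses sendmail `check_relay` rejections in the format quoted above, reports how often each client retried after a 5yz (permanent failure) reply, and flags reject codes that are not among the reply codes RFC 821 defines. The sample entries are constructed from the quoted log (reject text shortened, one entry per line); the function and field names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Reply codes defined by RFC 821; 570 is not among them, 550 is.
RFC821_CODES = {211, 214, 220, 221, 250, 251, 354, 421, 450, 451, 452,
                500, 501, 502, 503, 504, 550, 551, 552, 553, 554}

# Constructed sample: timestamps, host and code follow the quoted log,
# the reject text is shortened and each entry sits on one line.
_ENTRY = ("Nov 23 {t} ultra1 sendmail[{pid}]: {qid}: ruleset=check_relay, "
          "arg1=nie2.infomail.es, arg2=195.235.39.19, "
          "relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 denied")
SAMPLE_LOG = "\n".join(_ENTRY.format(t=t, pid=p, qid=q) for t, p, q in [
    ("11:47:15", 17464, "gANAlF517464"), ("12:03:03", 17877, "gANB33517877"),
    ("12:14:11", 18492, "gANBEB518492"), ("12:27:45", 18724, "gANBRj518724"),
    ("12:44:06", 19010, "gANBi6519010")])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+sendmail\[\d+\]:\s+\S+\s+"
    r"ruleset=check_relay,.*?relay=(?P<host>\S+)\s+\[(?P<ip>[\d.]+)\],\s+"
    r"reject=(?P<code>\d{3})\b")

def analyze(log_text, year=2002):
    """Group check_relay rejections by client IP and summarise the retries."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog lines carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits[m["ip"]].append((ts, int(m["code"])))
    report = {}
    for ip, events in hits.items():
        events.sort()
        times = [t for t, _ in events]
        codes = {c for _, c in events}
        report[ip] = {
            "attempts": len(events),
            # whole minutes between consecutive connection attempts
            "gap_minutes": [int((b - a).total_seconds() // 60)
                            for a, b in zip(times, times[1:])],
            "nonstandard_codes": sorted(codes - RFC821_CODES),
            # the client came back although every reply was a 5yz failure
            "retried_after_5xx": len(events) > 1 and all(c >= 500 for c in codes),
        }
    return report

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```
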


