Security Incidents mailing list archives
Re: SMTP harrasment by nie2.infomail.es?
From: "jrlpop () mail portland co uk" <jrlpop () mail portland co uk>
Date: Tue, 26 Nov 2002 08:58:32 +0100
Try reading the specs yourself :-) and change the error code from 570 to 550. This might work better. See ftp://ftp.isi.edu/in-notes/rfc821.txt for why.

Hugo van der Kooij wrote:
> Hi,
>
> Over the months I get bursts of SMTP attempts from nie2.infomail.es that seem to indicate a broken SMTP server.
>
> I reject email from them ever since complaints about spam were bounced as critical users like postmaster were not present.
>
> However they seem to ignore the SMTP specs and resend messages for a period until they give up. As shown in a sample of my log for the last 60 minutes alone:
>
> Nov 23 11:47:15 ultra1 sendmail[17464]: gANAlF517464: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
> Nov 23 12:03:03 ultra1 sendmail[17877]: gANB33517877: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
> Nov 23 12:14:11 ultra1 sendmail[18492]: gANBEB518492: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
> Nov 23 12:27:45 ultra1 sendmail[18724]: gANBRj518724: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
> Nov 23 12:44:06 ultra1 sendmail[19010]: gANBi6519010: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
>
> Could someone verify this?
>
> Hugo.
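One way to measure the retry pattern in the quoted log and to check the reject code against the reply codes RFC 821 lists, as an added example that is not part of either post. The function name, the `year` parameter and the report fields are assumptions; the sample lines are taken from the quoted message with the text after the status code trimmed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Reply codes listed in RFC 821 (section 4.2.1); 570 is not among them.
RFC821_CODES = {211, 214, 220, 221, 250, 251, 354, 421, 450, 451, 452,
                500, 501, 502, 503, 504, 550, 551, 552, 553, 554}

# Syslog timestamp, relay host/IP and reject code of a sendmail
# check_relay rejection, in the layout shown in the quoted log.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*ruleset=check_relay,"
    r".*relay=(?P<host>\S+)\s\[(?P<ip>[\d.]+)\],\s+reject=(?P<code>\d{3})\s")

# Sample input: the five log lines from the quoted message (reject text trimmed).
_L = ("Nov 23 {t} ultra1 sendmail[{p}]: {q}: ruleset=check_relay, "
      "arg1=nie2.infomail.es, arg2=195.235.39.19, "
      "relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 denied")
SAMPLE_LOG = "\n".join(_L.format(t=t, p=p, q=q) for t, p, q in [
    ("11:47:15", 17464, "gANAlF517464"), ("12:03:03", 17877, "gANB33517877"),
    ("12:14:11", 18492, "gANBEB518492"), ("12:27:45", 18724, "gANBRj518724"),
    ("12:44:06", 19010, "gANBi6519010")])

def summarize_rejects(log_text, year=2002):
    """Group check_relay rejections by relay IP and describe the retries."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it (assumption)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["ip"]].append((ts, int(m["code"])))
    report = {}
    for ip, hits in seen.items():
        hits.sort()
        times = [t for t, _ in hits]
        codes = {c for _, c in hits}
        report[ip] = {
            "attempts": len(hits),
            # seconds between consecutive rejected connections
            "gaps_sec": [int((b - a).total_seconds())
                         for a, b in zip(times, times[1:])],
            "codes": sorted(codes),
            "non_rfc821_codes": sorted(codes - RFC821_CODES),
        }
    return report

if __name__ == "__main__":
    print(summarize_rejects(SAMPLE_LOG))
```
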
Current thread:
- SMTP harrasment by nie2.infomail.es? Hugo van der Kooij (Nov 25)
- Re: SMTP harrasment by nie2.infomail.es? jrlpop () mail portland co uk (Nov 26)