nanog mailing list archives
Re: Transparent hijacking of SMTP submission...
From: Marcin Cieslak <saper () saper info>
Date: Sat, 29 Nov 2014 21:43:33 +0000
On Thu, 27 Nov 2014, joel jaeggli wrote:
I don't see this in my home market, but I do see it in someone else's... I kind of expect this for port 25 but... J@mb-aye:~$telnet 147.28.0.81 587 Trying 147.28.0.81... Connected to nagasaki.bogus.com. Escape character is '^]'. 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014 19:17:44 GMT ehlo bogus.com 250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net [XXX.XXX.XXX.XXX], pleased to meet you 250 ENHANCEDSTATUSCODES
Seen some anti-virus software (on Windows) doing this. You might not be running Windows though. Some home router with some "security improvement" ? //Marcin
Current thread:
- Re: Transparent hijacking of SMTP submission..., (continued)
- Re: Transparent hijacking of SMTP submission... Sander Steffann (Nov 29)
- Re: Transparent hijacking of SMTP submission... Jean-Francois Mezei (Nov 29)
- Re: Transparent hijacking of SMTP submission... Christopher Morrow (Nov 29)
- Re: Transparent hijacking of SMTP submission... John Levine (Nov 29)
- Re: Transparent hijacking of SMTP submission... Christopher Morrow (Nov 29)
- Re: Transparent hijacking of SMTP submission... joel jaeggli (Nov 29)
- Re: Transparent hijacking of SMTP submission... Christopher Morrow (Nov 29)
- Re: Transparent hijacking of SMTP submission... William Herrin (Nov 30)
- Re: Transparent hijacking of SMTP submission... Sander Steffann (Nov 29)
- Re: Transparent hijacking of SMTP submission... Randy Bush (Nov 29)