SMTP harrasment by nie2.infomail.es?

From: Hugo van der Kooij (hvdkooijat_private)
Date: Sat Nov 23 2002 - 04:13:36 PST

Next message: H C: "RE: increased attacks on port 2599"

Previous message: Jonathan Bloomquist: "RE: Proxy server hit... Any ideas?"
Next in thread: jrlpopat_private: "Re: SMTP harrasment by nie2.infomail.es?"
Reply: jrlpopat_private: "Re: SMTP harrasment by nie2.infomail.es?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Over the months I get burst of SMTP attempts from nie2.infomail.es that 
seem to indicate a broken SMTP server.

I reject email from them ever since complaints about spam were bounced as 
critical users like postmaster were not present.

However them seem to ignore the SMTP specs and resend messages for a 
period untill they give up. As shown in a sample of my log for the last 
60 minutes alone:

Nov 23 11:47:15 ultra1 sendmail[17464]: gANAlF517464: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:03:03 ultra1 sendmail[17877]: gANB33517877: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:14:11 ultra1 sendmail[18492]: gANBEB518492: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:27:45 ultra1 sendmail[18724]: gANBRj518724: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
Nov 23 12:44:06 ultra1 sendmail[19010]: gANBi6519010: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms

Could someone verify this? 

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooijat_private		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: H C: "RE: increased attacks on port 2599"
Previous message: Jonathan Bloomquist: "RE: Proxy server hit... Any ideas?"
Next in thread: jrlpopat_private: "Re: SMTP harrasment by nie2.infomail.es?"
Reply: jrlpopat_private: "Re: SMTP harrasment by nie2.infomail.es?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 10:24:28 PST