Re: SMTP harassment by nie2.infomail.es?

From: jrlpopat_private
Date: Mon Nov 25 2002 - 23:58:32 PST


    Hugo van der Kooij wrote:
    
    >Hi,
    >
    >Over the months I get bursts of SMTP attempts from nie2.infomail.es that 
    >seem to indicate a broken SMTP server.
    >
    >I reject email from them ever since complaints about spam were bounced as 
    >critical users like postmaster were not present.
    >
    >However they seem to ignore the SMTP specs and resend messages for a 
    >period until they give up. As shown in a sample of my log for the last 
    >60 minutes alone:
    >
    >Nov 23 11:47:15 ultra1 sendmail[17464]: gANAlF517464: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    >Nov 23 12:03:03 ultra1 sendmail[17877]: gANB33517877: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    >Nov 23 12:14:11 ultra1 sendmail[18492]: gANBEB518492: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    >Nov 23 12:27:45 ultra1 sendmail[18724]: gANBRj518724: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    >Nov 23 12:44:06 ultra1 sendmail[19010]: gANBi6519010: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    >
    >Could someone verify this? 
    >
    >Hugo.
    >
    >  
    >
    Try reading the specs yourself :-) and change the error code from 570 to 
    550. This might work better. See ftp://ftp.isi.edu/in-notes/rfc821.txt 
    for why.
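
Added example, not written by either poster: a Python check over the sendmail log quoted above that reports the gaps between attempts per relay and flags reject codes that are not in RFC 821's reply-code list. The year comes from the message date, the function names are this example's own, and the free-text part of each rejection line is shortened.

```python
import re
from datetime import datetime

# Reply codes listed in RFC 821 section 4.2; anything else is undefined there.
RFC821_CODES = {211, 214, 220, 221, 250, 251, 354, 421, 450, 451, 452,
                500, 501, 502, 503, 504, 550, 551, 552, 553, 554}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \S+ "
    r"ruleset=check_relay, .*?relay=(?P<host>\S+) \[(?P<ip>[\d.]+)\], "
    r"reject=(?P<code>\d{3}) ")

# Timestamps, PIDs and queue ids are from the log quoted in the thread;
# the rejection text after the status code is shortened here.
TEMPLATE = ("{ts} ultra1 sendmail[{pid}]: {qid}: ruleset=check_relay, "
            "arg1=nie2.infomail.es, arg2=195.235.39.19, "
            "relay=nie2.infomail.es [195.235.39.19], "
            "reject=570 5.0.0 i'm denying smtp sessions from your system")
SAMPLE = [TEMPLATE.format(ts=t, pid=p, qid=q) for t, p, q in [
    ("Nov 23 11:47:15", 17464, "gANAlF517464"),
    ("Nov 23 12:03:03", 17877, "gANB33517877"),
    ("Nov 23 12:14:11", 18492, "gANBEB518492"),
    ("Nov 23 12:27:45", 18724, "gANBRj518724"),
    ("Nov 23 12:44:06", 19010, "gANBi6519010"),
]]

def parse(lines, year=2002):
    """Return (timestamp, relay_ip, reject_code) for each check_relay reject."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # syslog lines carry no year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], int(m["code"])))
    return events

def summarize(events):
    """Per relay IP: attempt count, seconds between attempts, non-RFC 821 codes."""
    report = {}
    for ts, ip, code in sorted(events):
        entry = report.setdefault(ip, {"times": [], "codes": set()})
        entry["times"].append(ts)
        entry["codes"].add(code)
    for entry in report.values():
        t = entry.pop("times")
        entry["attempts"] = len(t)
        entry["gaps_sec"] = [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
        entry["codes_not_in_rfc821"] = sorted(entry.pop("codes") - RFC821_CODES)
    return report

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```
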
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 11:13:01 PST