[TriLUG] Spam Probes. How does abc%xyz.com at mydomain.org work?
bp
bpevans at bellsouth.net
Wed Apr 9 09:00:47 EDT 2003
I know the discussion has been had about RR probing networks for open
relays and I personally don't have a problem with RR or anyone doing
this so long as it's a legitimate test not an attempt to actually relay
spam.
Today I noticed these entries in my mail log, 30 lines from today
actually. The only reason I bring this subject up is to ask why they
format the to line like this:
to=<relaytest%rr.njabl.org at itchy.kicks-ass.org> Is that expected to
proxy through on some mail servers? How does that type of addr work?
Apr 8 17:23:34 Itchy postfix/smtpd[25618]: 62570A4200:
client=before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]
Apr 8 17:23:45 Itchy postfix/smtpd[25618]: reject: RCPT from
before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]: 554
<relaytest%rr.njabl.org at itchy.kicks-ass.org>: Recipient address
rejected: Relay access denied; from=<relaytestsend at itchy.kicks-ass.org>
to=<relaytest%rr.njabl.org at itchy.kicks-ass.org>
Apr 8 17:29:08 Itchy postfix/smtpd[25618]: timeout after RCPT from
before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]
Apr 8 17:29:08 Itchy postfix/smtpd[25618]: disconnect from
before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]
-bp
More information about the TriLUG
mailing list