[TriLUG] Spam Probes. How does abc%xyz.com at mydomain.org work?

bp bpevans at bellsouth.net
Wed Apr 9 09:00:47 EDT 2003


I know the discussion has been had about RR probing networks for open 
relays and I personally don't have a problem with RR or anyone doing 
this so long as it's a legitimate test not an attempt to actually relay 
spam.

Today I noticed these entries in my mail log,   30 lines from today 
actually.  The only reason I bring this subject up is to ask why they 
format the to line like this: 
to=<relaytest%rr.njabl.org at itchy.kicks-ass.org>   Is that expected to 
proxy through on some mail servers?  How does that type of addr work?

Apr  8 17:23:34 Itchy postfix/smtpd[25618]: 62570A4200: 
client=before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]
Apr  8 17:23:45 Itchy postfix/smtpd[25618]: reject: RCPT from 
before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]: 554 
<relaytest%rr.njabl.org at itchy.kicks-ass.org>: Recipient address 
rejected: Relay access denied; from=<relaytestsend at itchy.kicks-ass.org> 
to=<relaytest%rr.njabl.org at itchy.kicks-ass.org>
Apr  8 17:29:08 Itchy postfix/smtpd[25618]: timeout after RCPT from 
before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]
Apr  8 17:29:08 Itchy postfix/smtpd[25618]: disconnect from 
before-reporting-as-abuse-please-see-www.njabl.org[209.208.0.15]

-bp




More information about the TriLUG mailing list