
Re: Am I running an open relay?



On Sat, Apr 06, 2002 at 02:58:00PM +0100, Patrick Kirk wrote:
| 
| My inbox has about 12 of these...does it mean I've been hacked or that
| the relay attempt failed?  I thought I had Exim locked down nicely but
| someone has used port 25 if I read "enterprise.kirks.net with smtp (Exim
| 3.35 #1 (P Kirk))" correctly.
| 
| -----Forwarded Message-----
| 
| From: Mail Delivery System <Mailer-Daemon@enterprise-hr.com>
| To: nobody@[ 217.35.40.123 ]
| Subject: Mail delivery failed: returning message to sender
| Date: 05 Apr 2002 05:29:06 +0100
| 
| This message was created automatically by mail delivery software (Exim).
| 
| A message that you sent could not be delivered to one or more of its
| recipients. This is a permanent error. The following address(es) failed:
| 
|   listme%dsbl.org@[217.35.40.123]
|     unknown local-part "listme%dsbl.org" in domain "[217.35.40.123]"

This is a good message to get -- it shows that someone is trying to
have your "open relay" register itself at dsbl.org, but your system
doesn't relay with the "percent hack" trick.  If you were an open
relay (by that method, at least), then it would have sent the message
on and you wouldn't have seen an error message.

| ------ This is a copy of the message, including all the headers. ------
| 
| Return-path: <nobody@[217.35.40.123]>
| Received: from 2-057.ctame701-1.telepar.net.br
| 	([200.193.160.57] helo=surriel.com ident=wfxnjr)
| 	by enterprise.kirks.net with smtp (Exim 3.35 #1 (P Kirk))
| 	id 16tLLV-0003Z9-00
| 	for <listme%dsbl.org@[217.35.40.123]>; Fri, 05 Apr 2002 05:29:05 +0100
| Message-ID: <6839cgD6QvH1tqiQODyEuQGHn9TFZAdi@surriel.com>
| Date: Fri, 5 Apr 2002 4:28:14 +0000
| To: <listme@dsbl.org>
| Subject: Open Relay Test Message
| From: nobody@[217.35.40.123]
| 
| DSBL LISTME: smtp
| 6839cgD6QvH1tqiQODyEuQGHn9TFZAdi
| MAIL FROM:<nobody@[217.35.40.123]>
| RCPT TO:<listme%dsbl.org@[217.35.40.123]>
| DSBL END

Where did this come from!?  Last I saw there was no way to get a
cookie (that second line with "junk" characters) and there is no
contact information at dsbl.org.  I made a script to make formmail
sites list themselves, but I need a way to get a cookie for it to
work.  Right now I can't even find any DNS information for dsbl.org,
so I can't check their web site.

-D 

-- 

Commit to the Lord whatever you do,
and your plans will succeed.
        Proverbs 16:3
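
Added example, not part of the original message and not Exim's own code: a sketch of the recipient check a non-relaying host applies, showing why the probe address from the bounce above ends up as an unknown local part instead of being forwarded. The domain list comes from the bounce; the mailbox names and the function names are assumptions made up for the illustration.

```python
# Constructed policy check for envelope recipients (RCPT TO) from untrusted hosts.
LOCAL_DOMAINS = {"enterprise.kirks.net", "[217.35.40.123]"}  # as seen in the bounce
LOCAL_USERS = {"patrick", "postmaster"}                       # constructed sample mailboxes

def split_address(addr):
    """Split at the LAST '@'; everything before it is an opaque local part."""
    addr = addr.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a fully qualified address: %r" % addr)
    return local, domain.lower()

def hidden_target(local):
    """Address an open relay would forward to if it rewrote this local part."""
    if "%" in local:   # percent hack: user%remote -> user@remote
        user, _, host = local.rpartition("%")
        return user + "@" + host
    if "!" in local:   # UUCP bang path: remote!user -> user@remote
        host, _, user = local.partition("!")
        return user + "@" + host
    return None

def classify_rcpt(addr):
    """Return (verdict, detail) without ever rewriting the local part."""
    local, domain = split_address(addr)
    if domain not in LOCAL_DOMAINS:
        return ("relay-denied", domain)       # not ours: refuse to forward
    if local.lower() in LOCAL_USERS:
        return ("deliver", local)
    target = hidden_target(local)
    if target is not None:
        return ("relay-probe", target)        # unknown user that encodes a remote address
    return ("unknown-user", local)

if __name__ == "__main__":
    samples = [                               # constructed, except the first (from the bounce)
        "<listme%dsbl.org@[217.35.40.123]>",
        "listme@dsbl.org",
        "patrick@enterprise.kirks.net",
        "dsbl.org!listme@enterprise.kirks.net",
    ]
    for rcpt in samples:
        print(rcpt, "->", classify_rcpt(rcpt))
```

A "relay-probe" verdict is worth logging together with the connecting IP from the Received: header, since it separates relay tests from ordinary mistyped addresses.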

