RE: relay attempts?


Subject: RE: relay attempts?
From: James Zuelow (jamesz@ideafamilies.org)
Date: Wed Aug 28 2002 - 12:44:47 AKDT


> -----Original Message-----
> Aug 27 22:32:47 www sendmail[19673]: g7S6WkL19673: ruleset=check_rcpt,
> arg1=<ddd9080@aol.com>, relay=port-212-202-152-2.reverse.qsc.de
> [212.202.152.2], reject=550 5.7.1 <ddd9080@aol.com>... Relaying denied
> Aug 27 22:32:48 www sendmail[19673]: g7S6WkL19673: ruleset=check_rcpt,
> arg1=<lucid1@flash.net>, relay=port-212-202-152-2.reverse.qsc.de
> [212.202.152.2], reject=550 5.7.1 <lucid1@flash.net>... Relaying denied
>
> Other than the two minute session of 200 attempts, I typically get about
> one attempt like this once a week or so on average. Is this anything to
> be worried about, or should I just ignore them like the IIS virus
> attempts that make up 95% of my apache logs? :)
>
> Thanks,
> Justin
>

I get those every month or so. It is just a random spammer looking for open
relays. I look at it as a kind of service - as long as I keep seeing the
550 relaying denied errors in my logs, I know that I don't have to submit my
IP to ordb for testing. :) Of course I usually get ONE attempt, not 200
over a period of minutes. Sounds like a script kiddie that doesn't know how
to configure his script.

If you want to complain to someone about them, complain to the admins on the
recipient address. The sender might be spoofed, but whoever is doing the
scanning will eventually have to check their mail to see if any relays got
through. For what it's worth I managed to get an account terminated two
weeks ago for attempting relays on my server, so there are some small
victories to be had in the battle against spam.

Cheers,

James
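
As an added example (not part of the original thread): a small Python parser for the check_rcpt rejections quoted above that counts denials per relay IP and separates a lone probe from a burst like the two-minute session described. The sample log lines, hosts and addresses are constructed, and the year, window and burst threshold are assumed parameters.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# check_rcpt rejection in the format quoted above; relay may lack a hostname.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \S+ "
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?:\S+ )?\[(?P<ip>[0-9A-Fa-f.:]+)\][^,]*, "
    r"reject=550 5\.7\.1 .*Relaying denied")

def parse_denials(lines, year=2002):
    """Yield (timestamp, relay_ip, recipient) per rejection; syslog has no year."""
    for line in lines:
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["rcpt"]

def summarize(lines, window=timedelta(minutes=2), burst=5):
    """Per relay IP: denial count and the most denials seen inside `window`."""
    by_ip = defaultdict(list)
    for ts, ip, _rcpt in parse_denials(lines):
        by_ip[ip].append(ts)
    report = {}
    for ip, times in by_ip.items():
        times.sort()
        peak = start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {"denied": len(times), "peak": peak, "burst": peak >= burst}
    return report

# Constructed sample: six probes in seconds from one host, one lone probe, one normal line.
SAMPLE = [
    f"Aug 27 22:32:{47 + i} www sendmail[19673]: g7S6WkL19673: ruleset=check_rcpt, "
    f"arg1=<user{i}@example.net>, relay=probe.example.org [192.0.2.10], "
    f"reject=550 5.7.1 <user{i}@example.net>... Relaying denied"
    for i in range(6)
] + [
    "Aug  3 04:10:02 www sendmail[812]: g7S1AbC00812: ruleset=check_rcpt, "
    "arg1=<test@example.com>, relay=[198.51.100.7], "
    "reject=550 5.7.1 <test@example.com>... Relaying denied",
    "Aug 27 22:40:00 www sendmail[19700]: g7S6XyZ19700: from=<a@example.org>, size=512",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```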




This archive was generated by hypermail 2a23 : Wed Aug 28 2002 - 12:45:15 AKDT