Re: [SPAM] [Full-Disclosure] Spam sent via spambots?
From: James Riden (j.ridenmassey.ac.nz)
Date: Mon Nov 01 2004 - 13:33:21 CST
Hugo van der Kooij <hvdkooijvanderkooij.org> writes:
> Sendmail logs also show a significant number of false recipients which
> are known to be part of worms that are by now over 6 months old. Like:
> Nov 1 07:16:06 gandalf sendmail: iA16G3QU017575: ruleset=check_rcpt, arg1=<maryvanderkooij.org>, relay=[22.214.171.124], reject=550 5.7.0 <maryvanderkooij.org>... - REJECTED: KEEP YOUR VIRUS JUNK!; SEE ALSO: http://hvdkooij.xs4all.nl/email.cms
> Nov 1 07:16:07 gandalf sendmail: iA16G3QU017575: lost input channel from [126.96.36.199] to MTA after rcpt
> Nov 1 07:16:07 gandalf sendmail: iA16G3QU017575: from=<mariatencent.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[188.8.131.52]
> If there are that many worms going around it only shows how easy it is to
> write your own little SMTP engine. Spammers may have deployed similar
A lot of stuff out there will also HELO as <yourdomain>, or the IP
address of your MX. I'm pretty sure it's a worm, because I can't think
how any MTA/MUA could be that broken.
James Riden / j.ridenmassey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
Full-Disclosure - We believe in it.
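Added example, not part of the original message or either poster's configuration: a check for the pattern described in the reply, a remote client whose HELO argument is the receiving domain or the IP address of the receiving MX. The domain names, IP addresses and session pairs are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Assumed local identity (constructed values from documentation ranges).
LOCAL_DOMAINS = {"example.org", "mail.example.org"}
LOCAL_IPS = {ipaddress.ip_address("192.0.2.25")}


def _as_ip(helo_arg):
    """Return an ip_address if the HELO argument is a bare IP or an
    RFC 5321 address literal such as [192.0.2.25] or [IPv6:...]; else None."""
    text = helo_arg.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def helo_claims_local_identity(peer_ip, helo_arg):
    """True when a remote client introduces itself as us."""
    peer = ipaddress.ip_address(peer_ip)
    if peer.is_loopback or peer in LOCAL_IPS:
        return False  # our own hosts may legitimately use our name
    ip = _as_ip(helo_arg)
    if ip is not None:
        return ip in LOCAL_IPS
    name = helo_arg.strip().rstrip(".").lower()
    return name in LOCAL_DOMAINS


# Constructed (peer IP, HELO argument) pairs, not taken from the logs above.
SAMPLE_SESSIONS = [
    ("203.0.113.7", "example.org"),        # HELO as our domain
    ("203.0.113.8", "192.0.2.25"),         # HELO as our MX's IP
    ("203.0.113.9", "[192.0.2.25]"),       # same, as an address literal
    ("203.0.113.10", "EXAMPLE.ORG."),      # case and trailing dot variants
    ("198.51.100.4", "mx.sender.example"), # ordinary remote sender
    ("192.0.2.25", "mail.example.org"),    # our own host
    ("127.0.0.1", "example.org"),          # local submission
]


def flagged_sessions(sessions=SAMPLE_SESSIONS):
    return [s for s in sessions if helo_claims_local_identity(*s)]
```

A match is a strong signal because no legitimate remote host has a reason to announce itself with the recipient's own name or address.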