From: Michael Tokarev (mjttls.msk.ru)
Date: Sun Mar 03 2002 - 17:01:17 CST


    Ralf Hildebrandt wrote:
    >
    > On Mon, Mar 04, 2002 at 12:46:25AM +0300, Michael Tokarev wrote:
    >
    > > This will not work: it's open PROXIES, not open relays. Also, other
    >
    > You mean http proxies which are badly configured to proxy SMTP for
    > anybody? Or machines with exploitable formmail.pl installations?

    Pure proxies. Be it HTTP, SOCKS or WINPROXY. E.g. 211.250.195.2 (http 8080),
    209.99.62.65 (socks 1080) etc. See e.g. http://spews.org/html/S456.html .
    BTW, these 2 addresses are in relays.osirusoft.com db:

    $ chkrbl 211.250.195.2 209.99.62.65
    2.195.250.211.relays.osirusoft.com: 127.0.0.9
    127.0.0.4 "Open Proxy: http(8080)" "[1] OpenProxy, see http://spews.org/ask.cgi?S456"
    2.195.250.211.relays.ordb.org: not found.
    65.62.99.209.relays.osirusoft.com: 127.0.0.9 "Open Proxy: socks v4(1080) socks v5(1080)"
    65.62.99.209.relays.ordb.org: not found.
    $ _

    (chkrbl is a trivial shell script that uses host(1) to look up an address).

    And:

    $ telnet 211.250.195.2 8080
    Trying 211.250.195.2...
    Connected to 211.250.195.2.
    Escape character is '^]'.
    CONNECT mail.corpit.ru:25 HTTP/1.0

    HTTP/1.0 200 Connection established

    220 mail.corpit.ru ESMTP Postfix (1.1.3)
    quit
    221 Bye
    Connection closed by foreign host.
    $ _

    I see a *dramatic* increase of various proxy usage for massive spam operations.
    Currently, proxies are used more often than open relays.

    Regards,
     Michael.
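The DNSBL lookup shown in the message, as an added example that is not the chkrbl script from the post: the address's octets are reversed, prepended to each zone, and queried with host(1). The function names, the 127.0.0.0/8 check on answers and the output parsing are assumptions; the zones are the two that appear in the post's output, so substitute the lists you actually use.

```shell
# Added example, not the chkrbl script from the post. ZONES holds the two
# zones seen in the post's output; replace them with the lists you use.
ZONES="relays.osirusoft.com relays.ordb.org"

# Print an IPv4 address with its octets reversed
# (211.250.195.2 -> 2.195.250.211); return 1 if it is not a dotted quad.
reverse_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split on dots
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# Query name for one address in one zone: <reversed-ip>.<zone>
dnsbl_name() {
    rev=$(reverse_ipv4 "$1") || return 1
    printf '%s.%s\n' "$rev" "$2"
}

# A listing is an A record inside 127.0.0.0/8; any other answer
# (a wildcarded or hijacked zone, say) is not counted as a listing.
is_listing_code() {
    case "$1" in 127.*) reverse_ipv4 "$1" >/dev/null ;; *) return 1 ;; esac
}

# Look up every address in every zone and print one line per query.
chkrbl() {
    for ip in "$@"; do
        for zone in $ZONES; do
            name=$(dnsbl_name "$ip" "$zone") || { echo "$ip: not an IPv4 address" >&2; break; }
            listed=
            for a in $(host -t A "$name" 2>/dev/null | awk '/has address/ {print $NF}'); do
                if is_listing_code "$a"; then listed="$listed $a"; fi
            done
            if [ -n "$listed" ]; then
                txt=$(host -t TXT "$name" 2>/dev/null | sed -n 's/.*descriptive text //p' | tr '\n' ' ')
                echo "$name:$listed $txt"
            else
                echo "$name: not found."
            fi
        done
    done
}

if [ $# -gt 0 ]; then chkrbl "$@"; fi
```

Validating the address before building the query name keeps stray characters out of the DNS query, and requiring a 127.0.0.0/8 answer avoids rejecting mail because a zone started returning arbitrary addresses.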