Re: [courier-users] Re: DOS attack/probe? - Rod Collen - net.sourceforge.lists.courier-users

4 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Re: DOS attack/pr...

From	Sent On	Attachments
Rod Collen	Jun 29, 2002 7:27 pm
Sam Varshavchik	Jun 29, 2002 9:24 pm
Jason Haar	Jul 2, 2002 5:43 pm
Rod Collen	Jul 2, 2002 6:23 pm

Subject:	Re: [courier-users] Re: DOS attack/probe?
From:	Rod Collen (ro...@imagesphere.com)
Date:	Jul 2, 2002 6:23:44 pm
List:	net.sourceforge.lists.courier-users

You'll see crap like that in the mail logs from an attempted spam run through an open HTTP proxy. This is where you've got an open HTTP proxy, and you send it a GET http://destination:25

Better spell it out Sam. "You don't have an open-relay SMTP server, but you *probably* have an open PROXY server". That is *majorly* worse than an open-relay as it means people can - say - gateway access to your internal servers via it (that's ANY internal server - telnet, smtp, web, etc)

Fix that proxy server :-)

No. No open proxy here. Actually, no proxy here at all. And that request originated outside of my network. These lines where definitely errors and no mail was delivered.

I believe this was just a probe to see if the machine was open. There was only one request like this and the only result was a few errors in the logs.

--Rod

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets