[courier-users] DOS attack/probe? - Rod Collen - net.sourceforge.lists.courier-users

4 messages in net.sourceforge.lists.courier-users[courier-users] DOS attack/probe?

From	Sent On	Attachments
Rod Collen	Jun 29, 2002 7:27 pm
Sam Varshavchik	Jun 29, 2002 9:24 pm
Jason Haar	Jul 2, 2002 5:43 pm
Rod Collen	Jul 2, 2002 6:23 pm

Subject:	[courier-users] DOS attack/probe?
From:	Rod Collen (ro...@imagesphere.com)
Date:	Jun 29, 2002 7:27:39 pm
List:	net.sourceforge.lists.courier-users

This might be a tad off topic, but I got a few strange lines in the maillog and I wanted another opinion and could think of no better place to ask.

Does this look like an attack or a probe looking for an open relay... or do you think its just badly formatted mail? I find it strange and a little amusing.

courieresmtpd: error,relay=::ffff:66.169.236.188,msg="554 Syntax error - your mail software violates RFC 821.",cmd: MAIL FROM: anti...@mail.com. courieresmtpd: error,relay=::ffff:66.169.236.188,msg="502 ESMTP command error",cmd: RCPT TO: ig...@pacbell.net. courieresmtpd: error,relay=::ffff:66.169.236.188,msg="502 ESMTP command error",cmd: DATA courieresmtpd: error,relay=::ffff:66.169.236.188,msg="502 ESMTP command error",cmd: SUBJECT: Anti-Relay Notification. courieresmtpd: error,relay=::ffff:66.169.236.188,msg="502 ESMTP command error",cmd: ATTENTION OWNER OF MAIL SERVER:. courieresmtpd: writev: Connection reset by peer

Before you ask, no, this machine is not an open relay and never has been :) Also, pacbell.net is obviously(?) not a local domain of mine.

Thanks, Rod

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets