Date: Sat, 28 Sep 2002 17:34:17 -0700
From: Andy Sparrow <spadger@best.com>
To: Mike Tibor <tibor@tibor.org>
Cc: Heywood Jblome <provencial1@yahoo.com>, freebsd-stable@FreeBSD.ORG, andy@CRWdog.demon.co.uk
Subject: Re: Possible trojan since upgrade
Message-ID: <20020929003417.5322C83@CRWdog.demon.co.uk>
In-Reply-To: Message from Mike Tibor <tibor@tibor.org> of "Sat, 28 Sep 2002 09:35:39 -0800." <20020928093120.N23987-100000@xena.mikey.net>

> On Fri, 27 Sep 2002, Heywood Jblome wrote:
>
> > -----------This is the entry in question--------
> > Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742:
> > from=<root@zzzzzz.com>, size=0, class=0, nrcpts=1,
> > proto=ESMTP, daemon=MTA, relay=[202.80.192.29]
>
> Could this just be someone doing the following:
>
> telnet mx1.zzzzzz.com 25
> helo blah
> mail from: <root@zzzzzz.com>
> quit

Increasingly common spammer trick, as is hitting the lowest-numbered MX in
DNS /first/ (and often only) on the principle that it's less likely to be
well-secured.

Unfortunately, both tricks often work, as any perusal of slime filters for
mail through an ISP account will readily demonstrate.

> I don't really know what that would accomplish, but I've seen stranger
> things.

It'll beat some lame anti-relay implementations.

Cheers,

AS
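
A log check for the pattern discussed in this message, as an added example that is not part of the original e-mail or of sendmail: it flags `from=` entries whose envelope sender claims a local domain while the relay address lies outside the site's own networks. The names `LOCAL_DOMAINS`, `TRUSTED_NETS` and the functions are hypothetical, and every sample line except the first (the entry quoted in the thread) is constructed.

```python
import ipaddress
import re

# Assumptions: the site's mail domain (as masked in the thread) and its own networks.
LOCAL_DOMAINS = {"zzzzzz.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

FROM_RE = re.compile(r"sm-mta\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,\s]*)>?,(?P<rest>.*)")
RELAY_IP_RE = re.compile(r"relay=[^,]*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]")
SIZE_RE = re.compile(r"\bsize=(\d+)")

def parse_from_line(line):
    """Parse a sendmail 'from=' log line; return None for any other line."""
    m = FROM_RE.search(line)
    if not m:
        return None
    size = SIZE_RE.search(m.group("rest"))
    relay = RELAY_IP_RE.search(m.group("rest"))
    try:
        relay_ip = ipaddress.ip_address(relay.group("ip")) if relay else None
    except ValueError:
        relay_ip = None  # malformed address literal: treat as unknown
    return {"qid": m.group("qid"), "sender": m.group("sender").lower(),
            "size": int(size.group(1)) if size else None, "relay_ip": relay_ip}

def claims_local_from_outside(rec):
    """True if the envelope sender uses a local domain but the relay is not one of our hosts."""
    if rec is None or rec["relay_ip"] is None:
        return False
    domain = rec["sender"].rpartition("@")[2]
    return domain in LOCAL_DOMAINS and not any(rec["relay_ip"] in n for n in TRUSTED_NETS)

def scan(lines):
    """Return (qid, sender, relay, size) for each suspicious 'from=' line."""
    recs = (parse_from_line(line) for line in lines)
    return [(r["qid"], r["sender"], str(r["relay_ip"]), r["size"])
            for r in recs if claims_local_from_outside(r)]

SAMPLE = [
    # First line is the entry quoted in the thread; the others are constructed.
    "Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: from=<root@zzzzzz.com>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[202.80.192.29]",
    "Sep 27 13:50:02 medusa sm-mta[1801]: g8RIo1gt001801: from=<alice@zzzzzz.com>, size=1204, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=ws1.zzzzzz.com [192.0.2.15]",
    "Sep 27 13:52:10 medusa sm-mta[1822]: g8RIq9gt001822: from=<bob@example.org>, size=2210, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [198.51.100.7]",
    "Sep 27 13:53:30 medusa sm-mta[1850]: g8RIrUgt001850: from=<root@zzzzzz.com>, size=410, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("suspicious:", hit)
```

Treat hits as leads rather than verdicts: a remote forwarder that preserves the envelope sender produces the same pattern for legitimate mail.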