On Thursday, Jun 12, 2003, at 03:11 America/Los_Angeles, James H. Thompson wrote:
Personally I don't like having to try "connecting back" when we get an incoming connection; there are just too many things that can go wrong and having done a big open relay test I know I don't want to bother with the billion emails asking what I'm up to. :-)
For your spam example, try "CONNECT x.x.x.x:25 HTTP/1.0" where x.x.x.x is the address of some mailserver you own. If you get the SMTP banner, your suspicions are confirmed.
Devin made a plugin ("check_earlytalker") that tries to detect those as the request is being received:
http://xrl.us/jhb (Link to cvs.perl.org)
- ask
-- http://www.askbjoernhansen.com/