Here's the "Session Transcript" that postfix (http://IMGate.MEIway.com) of our
"mail gateway 1" sent me when it rejected a relay attempt by an "alleged"
orbs mailer.
Got the same a while later for our other gateway, mgw2. Each gateway got
bombed rapidly with about 15 msgs.
They didn't test our Imail machine because, I guess, our Imail host is not
in DNS.
===============================================================================
Date: Fri, 5 May 2000 19:15:48 +0200 (CEST)
From: [EMAIL PROTECTED] (Mail Delivery System)
To: [EMAIL PROTECTED] (Postmaster)
Subject: Postfix Relay Hub SMTP server: errors from
relaytest.orbs.vuurwerk.nl[194.178.232.55]
:
:
:
Transcript of session follows.
Out: 220 mgw1.MEIway.com - ESMTP - Postfix Relay Hub - ATTN: UCE trespassers
will be pursued.
In: HELO relaytest.orbs.vuurwerk.nl
Out: 250 mgw1.MEIway.com
In: MAIL FROM:<[EMAIL PROTECTED]>
Out: 250 Ok
In: RCPT TO:<@mgw1.meiway.com:[EMAIL PROTECTED]>
Out: 554 <@mgw1.meiway.com:[EMAIL PROTECTED]>: Recipient address
rejected: Relay access denied
Session aborted, reason: lost connection
==========================================================================
Here's the dig for the above IP. Looks legitimate:
dig -x 194.178.232.55
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 55.232.178.194.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
55.232.178.194.in-addr.arpa. 20h23m27s IN PTR relaytest.orbs.vuurwerk.nl.
;; AUTHORITY SECTION:
232.178.194.in-addr.arpa. 20h23m27s IN NS ns.vuurwerk.nl.
232.178.194.in-addr.arpa. 20h23m27s IN NS ns2.vuurwerk.nl.
;; ADDITIONAL SECTION:
ns.vuurwerk.nl. 4D IN A 194.178.232.2
ns2.vuurwerk.nl. 17h39m36s IN A 194.178.232.3
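
Added example, not part of the original post and not Postfix code: a small Python parser for postmaster "Transcript of session" notices like the one above, which rejoins wrapped reply lines and reports every source-routed RCPT TO (the <@gateway:user@domain> form seen in the transcript) together with the reply the gateway gave. The sample transcript is constructed, with placeholder example.net / example.org addresses, and the function names are this example's own.

```python
import re

# Constructed sample in the same layout as the transcript in the post;
# host names and addresses are placeholders, not values from the post.
SAMPLE = """\
Out: 220 mgw1.example.net - ESMTP
In: HELO probe.example.org
Out: 250 mgw1.example.net
In: MAIL FROM:<tester@example.org>
Out: 250 Ok
In: RCPT TO:<@mgw1.example.net:user@example.org>
Out: 554 <@mgw1.example.net:user@example.org>: Recipient address
rejected: Relay access denied
Session aborted, reason: lost connection
"""

# RFC 822 source route: <@relay-host:final-recipient>
SOURCE_ROUTE = re.compile(r"^RCPT TO:\s*<(@[^:>]+):([^>]+)>", re.I)

def parse_transcript(text):
    """Return [(direction, line)], with wrapped continuation lines rejoined."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^(In|Out):\s*(.*)$", line)
        if m:
            events.append([m.group(1), m.group(2)])
        elif line.startswith("Session aborted"):
            break                          # trailer line, not part of the dialogue
        elif line and events:
            events[-1][1] += " " + line    # mail-wrapped tail of the previous line
    return [tuple(e) for e in events]

def relay_probes(text):
    """Pair each source-routed RCPT with the server reply that followed it."""
    events = parse_transcript(text)
    findings = []
    for i, (direction, line) in enumerate(events):
        m = SOURCE_ROUTE.match(line) if direction == "In" else None
        if not m:
            continue
        reply = next((l for d, l in events[i + 1:] if d == "Out"), "")
        code = reply[:3]
        if code.startswith("2"):
            verdict = "ACCEPTED"           # gateway agreed to relay: investigate
        elif code[:1] in ("4", "5"):
            verdict = "rejected"
        else:
            verdict = "unknown"
        findings.append({"route": m.group(1), "final": m.group(2),
                         "code": code, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in relay_probes(SAMPLE):
        print(finding)
```

A verdict of ACCEPTED on any such line means the gateway took a recipient it should have refused, which is the case worth alerting on.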