Well, as a matter of fact, John Martoccio [EMAIL PROTECTED] just exploited a weakness in SMTPRCV and & AntiRelay, this morning, to relay a message through my machine. I don't think he would have known my whereabouts and use of IMS/AntiRelay/SMTPRCV if it weren't for my posting on this list.
In Log message: <[EMAIL PROTECTED]> [30/Jan/2004:07:47:56] 192.168.x.x theobhome <> [EMAIL PROTECTED] where "<>" was the only From: address listed in the log, and the source IP address was my mail server. John, would you like to explain what you're up to? If I don't hear from you on this list, I'll be calling your home phone number. Theo Barker -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of BSarton Sent: Friday, January 30, 2004 9:12 AM To: [email protected] Subject: Re: MyDoom & SMTPRCV Theo, I observe that your domain name is 3 letters long, so is mine. This might be the cause of our vulnerability against randomly generated fake user adresses I've long been asking myself "why does this append to me', but I've never suspected beeing on this list as a possible cause. In fact I was on the list long before this started to happen, in summer 2003. Benoit | Also, since I've been subscribed to this list and had SMTPRCV running I've | logged a bunch of attempts to send email to an invalid user. Is that a | feature of subscribing to the list or just that SMTPRCV logs it and SMTPRS | did not? This is the discussion list for the IMS Free email server software. To unsubscribe send mailto:[EMAIL PROTECTED] Delivered by Rockliffe MailSite http://www.rockliffe.com/mailsite Rock Solid Software (tm) This is the discussion list for the IMS Free email server software. To unsubscribe send mailto:[EMAIL PROTECTED] Delivered by Rockliffe MailSite http://www.rockliffe.com/mailsite Rock Solid Software (tm)
