The problem is, while [as I noted] 220 and 530 messages are valid SMTP responses on TCP 25, they are not to the best of my knowledge valid IDENT protocol messages. Since we're looking at the IDENT protocol and not SMTP here, I looked at the IDENT RFCs instead of the one you posted.
While it is remotely possible that one confused admin could do something to screw up the ident service in that manner, it seems unlikely, especially considering the multiple email servers this is coming from and the l33t "crew" name. Banners with the word "crew" are frequently seen with FTP warez.

regards,
Karl Levinson

> -----Original Message-----
> From: Levenglick, Jeff [mailto:[EMAIL PROTECTED]
>
> Ok.... It's a good thing we all read his message...
>
> He said mail server logs....
>
> 220 is a valid MAIL server response.
> see http://www.rfc-editor.org/rfc/rfc793.txt 220 <domain> Service
> ready
>
> Where did ftp come from?
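
The distinction drawn in the message above, as an added example that is not part of the original thread: a Python classifier that separates well-formed RFC 1413 IDENT replies from SMTP-style three-digit replies captured on the ident port. The function names and the sample lines are constructed for illustration.

```python
import re

# RFC 1413 reply grammar:
#   <port-on-server> , <port-on-client> : USERID : <opsys> : <user-id>
#   <port-on-server> , <port-on-client> : ERROR  : <error-type>
IDENT_REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$"
)
IDENT_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
# SMTP-style reply: three-digit code, then space or hyphen, then text.
SMTP_STYLE = re.compile(r"^([2-5]\d\d)([ -].*)?$")


def classify(line):
    """Return 'ident', 'malformed-ident', 'smtp-style' or 'unknown'."""
    line = line.rstrip("\r\n")
    m = IDENT_REPLY.match(line)
    if m:
        ports_ok = all(1 <= int(p) <= 65535 for p in m.group(1, 2))
        kind, rest = m.group(3), m.group(4).strip()
        if kind == "ERROR":
            # RFC 1413 also allows non-standard error tokens starting with "X".
            body_ok = rest in IDENT_ERRORS or rest.startswith("X")
        else:
            # USERID must carry both an opsys field and a user-id.
            opsys, sep, user = rest.partition(":")
            body_ok = bool(sep) and bool(opsys.strip()) and bool(user.strip())
        return "ident" if ports_ok and body_ok else "malformed-ident"
    if SMTP_STYLE.match(line):
        return "smtp-style"
    return "unknown"


def unexpected_on_ident_port(lines):
    """Return (line, verdict) for every reply that is not a valid IDENT reply."""
    verdicts = ((l.rstrip("\r\n"), classify(l)) for l in lines)
    return [(l, v) for l, v in verdicts if v != "ident"]


# Constructed sample replies, as they might be logged from TCP 113.
SAMPLE = [
    "6193, 23 : USERID : UNIX : stjohns\r\n",
    "6195, 23 : ERROR : NO-USER\r\n",
    "220 constructed banner text\r\n",
    "530 constructed rejection text\r\n",
    "6193, 23 : USERID : UNIX\r\n",
]

if __name__ == "__main__":
    for line, verdict in unexpected_on_ident_port(SAMPLE):
        print(f"{verdict:16} {line}")
```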
