this has been going on for weeks. i believe they're all open proxies or spambots.
(some of us use this as an oracle for open proxies.) On Wed, Dec 28, 2005 at 04:39:14PM -0500, max wrote: > Hello all, > I find this inmy logs throughout the day today: > > Dec 28 16:35:52 finn postfix/smtpd[13320]: NOQUEUE: reject: RCPT from > pcp0012209034pcs.blairblvd.tn.nash.comcast.net[69.245.57.210]: 501 > <-1217882552>: Helo command rejected: Invalid name; from=<[EMAIL PROTECTED]> > to=<[EMAIL PROTECTED]> proto=SMTP helo=<-1217882552> > > Notice that helo section is a negative number (which is why my postfix > rejects the message) > There are about 5 messages a minute at its peak, and this has been going on > most of the day today (EST time zone) > Some of the connecting IP's are listed in various black lists, such as OPM. > > Has anyone noticed this as well? Is this a virus or just some new spam tool? > Some more rejected messages below: > > Dec 28 16:37:50 finn postfix/smtpd[34627]: NOQUEUE: reject: RCPT from > cpe-66-75-65-130.socal.res.rr.com[66.75.65.130]: 501 <-1218008120>: Helo > command rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL > PROTECTED]> proto=SMTP helo=<-1218008120> > > Dec 28 16:37:54 finn postfix/smtpd[13320]: NOQUEUE: reject: RCPT from > unknown[219.130.49.89]: 554 Service unavailable; Client host [219.130.49.89] > blocked using opm.blitzed.org; Open proxy - see > http://opm.blitzed.org/219.130.49.89; from=<[EMAIL PROTECTED]> to=<[EMAIL > PROTECTED]> proto=SMTP helo=<-1209697480> > > Dec 28 16:38:10 finn postfix/smtpd[34627]: NOQUEUE: reject: RCPT from > 194-144-9-218.du.xdsl.is[194.144.9.218]: 501 <-1209697480>: Helo command > rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> > proto=SMTP helo=<-1209697480> > > Thanks, > > Max
