hehe, didnt even notice max untill i hit reply...
the this be a screwy way to get some poor implementation of gethostbyname() (windows?) to interpret as an ip address? i vaguely recall an ie flaw a few years back doing something similar to disguise urls.. but i think they were removing dots like this: http://19216818/pornsite.html dont remember -phar On Thu, 2005-12-29 at 00:33 -0800, [EMAIL PROTECTED] wrote: > this has been going on for weeks. > > i believe they're all open proxies or spambots. > > (some of us use this as an oracle for open proxies.) > > On Wed, Dec 28, 2005 at 04:39:14PM -0500, max wrote: > > Hello all, > > I find this inmy logs throughout the day today: > > > > Dec 28 16:35:52 finn postfix/smtpd[13320]: NOQUEUE: reject: RCPT from > > pcp0012209034pcs.blairblvd.tn.nash.comcast.net[69.245.57.210]: 501 > > <-1217882552>: Helo command rejected: Invalid name; from=<[EMAIL > > PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<-1217882552> > > > > Notice that helo section is a negative number (which is why my postfix > > rejects the message) > > There are about 5 messages a minute at its peak, and this has been going on > > most of the day today (EST time zone) > > Some of the connecting IP's are listed in various black lists, such as OPM. > > > > Has anyone noticed this as well? Is this a virus or just some new spam tool? > > Some more rejected messages below: > > > > Dec 28 16:37:50 finn postfix/smtpd[34627]: NOQUEUE: reject: RCPT from > > cpe-66-75-65-130.socal.res.rr.com[66.75.65.130]: 501 <-1218008120>: Helo > > command rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL > > PROTECTED]> proto=SMTP helo=<-1218008120> > > > > Dec 28 16:37:54 finn postfix/smtpd[13320]: NOQUEUE: reject: RCPT from > > unknown[219.130.49.89]: 554 Service unavailable; Client host > > [219.130.49.89] blocked using opm.blitzed.org; Open proxy - see > > http://opm.blitzed.org/219.130.49.89; from=<[EMAIL PROTECTED]> to=<[EMAIL > > PROTECTED]> proto=SMTP helo=<-1209697480> > > > > Dec 28 16:38:10 finn postfix/smtpd[34627]: NOQUEUE: reject: RCPT from > > 194-144-9-218.du.xdsl.is[194.144.9.218]: 501 <-1209697480>: Helo command > > rejected: Invalid name; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> > > proto=SMTP helo=<-1209697480> > > > > Thanks, > > > > Max
