Intellectual curiosity-type question: I think I've figured out most of the error codes in SIMS, but the following has me a bit puzzled. I believe what I have here is a spammer [ [EMAIL PROTECTED] ] testing for open relays by trying to relay to itself. SIMS defeated him, no problem!
Question #1: what is the meaning of the *Status codes? Does SIMS generate these or are they from OT? I see status 34, 22, 21, 25, 26, 23, 29, 1, and 2 within the transaction.

Question #2: I was under the impression that SMTP used port 110 and POP3 uses port 25. But our spammer friend comes over on port 4558. How did he get through the firewall (IPNR on Mac), which does not have this port enabled?

Thanks in advance // Peter

------------------------ [snip] ----------------------------
14:28:09 4 SMTP(tcp) Connection request from [61.73.23.134:4558],seq=10, 10/11
14:28:09 5 SMTP-011() Stream Created
14:28:09 5 SMTP(011) Resolver Created
14:28:09 4 SMTP Line 11 created for answering
14:28:09 4 SMTP-011() Got connection from [61.73.23.134:4558]
14:28:09 4 SMTP(tcp) Connection accepted from [61.73.23.134:4558], seq=10, 10/11
14:28:09 4 SMTP-011([61.73.23.134]) Sending 220-Stalker Internet Mail Server V.1.8b8 is ready.\r\n220 ESMTP is spoken here. You are welcome\r\n
14:28:09 5 SMTP-011([61.73.23.134]) OT 95 of 95 bytes sent, Flags=0
14:28:09 5 SMTP-011([61.73.23.134]) *Status=34
14:28:09 4 SMTP-011([61.73.23.134]) Looking for 134.23.73.61.sbl.spamhaus.org
14:28:09 5 SMTP-011([61.73.23.134]) *Status=34
14:28:09 4 SMTP-011([61.73.23.134]) Looking for 134.23.73.61.relays.ordb.org
14:28:09 5 SMTP-011([61.73.23.134]) *Status=34
14:28:09 4 SMTP-011([61.73.23.134]) Looking for 134.23.73.61.dialups.relays.osirusoft.com
14:28:09 5 SMTP-011([61.73.23.134]) *Status=34
14:28:09 4 SMTP-011([61.73.23.134]) Looking for 134.23.73.61.korea.services.net
14:28:09 1 SMTP-011([61.73.23.134]) SPAM? Host is blacklisted per RBL korea.services.net with result [127.0.0.2]
14:28:09 5 SMTP-011([61.73.23.134]) *Status=22
14:28:09 5 SMTP-011([61.73.23.134]) Received 13 bytes
14:28:09 4 SMTP-011([61.73.23.134]) Input Line: ehlo hyunju\r
14:28:09 5 SMTP-011([61.73.23.134]) *Status=21
14:28:09 4 SMTP-011(hyunju) Looking for hyunju
14:28:10 3 SMTP-011(hyunju) Failed to verify. Real address is [61.73.23.134:4558]
14:28:10 4 SMTP-011(hyunju) Sending 250-thejonesfamily.org cannot verify hyunju\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250 EHLO\r\n
14:28:10 5 SMTP-011(hyunju) OT 91 of 91 bytes sent, Flags=0
14:28:10 5 SMTP-011([61.73.23.134]) *Status=22
14:28:10 5 SMTP-011([61.73.23.134]) Received 6 bytes
14:28:10 4 SMTP-011([61.73.23.134]) Input Line: Rset\r
14:28:10 4 SMTP-011([61.73.23.134]) Sending 250 SMTP state reset\r\n
14:28:10 5 SMTP-011([61.73.23.134]) OT 22 of 22 bytes sent, Flags=0
14:28:10 5 SMTP-011([61.73.23.134]) *Status=22
14:28:10 5 SMTP-011([61.73.23.134]) Received 32 bytes
14:28:10 4 SMTP-011([61.73.23.134]) Input Line: Mail from:<[EMAIL PROTECTED]>\r
14:28:10 5 SMTP-011([61.73.23.134]) *Status=25
14:28:10 5 SMTP-011([61.73.23.134]) *Status=26
14:28:10 4 SMTP-011([61.73.23.134]) Sending 250 <[EMAIL PROTECTED]> sender accepted\r\n
14:28:10 5 SMTP-011([61.73.23.134]) OT 42 of 42 bytes sent, Flags=0
14:28:10 5 SMTP-011([61.73.23.134]) *Status=23
14:28:11 5 SMTP-011([61.73.23.134]) Received 30 bytes
14:28:11 4 SMTP-011([61.73.23.134]) Input Line: RCPT to:<[EMAIL PROTECTED]>\r
14:28:11 1 SMTP-011([61.73.23.134]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "Die Korean Spammers Die Die Die"
14:28:11 4 SMTP-011([61.73.23.134]) Sending 591 No mail will be accepted. Your host is in a Black List. Die Korean Spammers Die Die Die\r\n
14:28:11 5 SMTP-011([61.73.23.134]) OT 93 of 93 bytes sent, Flags=0
14:28:11 5 SMTP-011([61.73.23.134]) Received 6 bytes
14:28:11 5 SMTP-011([61.73.23.134]) Disconnect Received
14:28:11 5 SMTP-011([61.73.23.134]) Disconnect Confirmed
14:28:11 4 SMTP-011([61.73.23.134]) Input Line: Quit\r
14:28:11 5 SMTP-011([61.73.23.134]) *Status=29
14:28:11 4 SMTP-011([61.73.23.134]) Sending 221 thejonesfamily.org closing connection\r\n
14:28:11 5 SMTP-011([61.73.23.134]) OT 43 of 43 bytes sent, Flags=0
14:28:11 5 SMTP-011([61.73.23.134]) *Status=1
14:28:11 4 SMTP-011([61.73.23.134]) Closing
14:28:11 4 SMTP-011([61.73.23.134]) Nothing read - stream closed
14:28:11 4 SMTP-011([61.73.23.134]) Input Stream ended
14:28:11 5 SMTP-011([61.73.23.134]) *Status=2
14:28:11 4 SMTP disposing line 11
14:28:11 5 SMTP(011) Resolver Disposed
14:28:11 5 SMTP-011([61.73.23.134]) Stream Disposed
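
Added example (not part of the original post, and not SIMS code): a small Python parser that condenses a SIMS SMTP log like the one above into the connecting address, the DNSBL zones queried, the listing that matched, and the client commands with the server's reply codes. It assumes one log entry per line; `dnsbl_name` and `summarize` are names chosen for this example.

```python
import re

# Excerpt of the log in the post, one entry per line (addresses as posted).
SAMPLE = r"""14:28:09 4 SMTP-011() Got connection from [61.73.23.134:4558]
14:28:09 4 SMTP-011([61.73.23.134]) Looking for 134.23.73.61.sbl.spamhaus.org
14:28:09 4 SMTP-011([61.73.23.134]) Looking for 134.23.73.61.korea.services.net
14:28:09 1 SMTP-011([61.73.23.134]) SPAM? Host is blacklisted per RBL korea.services.net with result [127.0.0.2]
14:28:09 4 SMTP-011([61.73.23.134]) Input Line: ehlo hyunju\r
14:28:09 4 SMTP-011(hyunju) Looking for hyunju
14:28:10 4 SMTP-011(hyunju) Sending 250-thejonesfamily.org cannot verify hyunju\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250 EHLO\r\n
14:28:10 4 SMTP-011([61.73.23.134]) Input Line: Mail from:<[EMAIL PROTECTED]>\r
14:28:10 4 SMTP-011([61.73.23.134]) Sending 250 <[EMAIL PROTECTED]> sender accepted\r\n
14:28:11 4 SMTP-011([61.73.23.134]) Input Line: RCPT to:<[EMAIL PROTECTED]>\r
14:28:11 4 SMTP-011([61.73.23.134]) Sending 591 No mail will be accepted. Your host is in a Black List. Die Korean Spammers Die Die Die\r\n
14:28:11 4 SMTP-011([61.73.23.134]) Input Line: Quit\r
14:28:11 4 SMTP-011([61.73.23.134]) Sending 221 thejonesfamily.org closing connection\r\n
"""

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def summarize(log_text):
    s = {"peer": None, "zones": [], "listed_by": None, "commands": [], "replies": []}
    for line in log_text.splitlines():
        if m := re.search(r"Got connection from \[([\d.]+):(\d+)\]", line):
            s["peer"] = (m.group(1), int(m.group(2)))   # remote IP, remote source port
        elif (m := re.search(r"Looking for (\S+)", line)) and s["peer"]:
            prefix = dnsbl_name(s["peer"][0], "")       # e.g. "134.23.73.61."
            if m.group(1).startswith(prefix):           # skips the EHLO-name lookup
                s["zones"].append(m.group(1)[len(prefix):])
        elif m := re.search(r"blacklisted per RBL (\S+) with result \[([\d.]+)\]", line):
            s["listed_by"] = (m.group(1), m.group(2))
        elif m := re.search(r"Input Line: ([A-Za-z]+)", line):
            s["commands"].append(m.group(1).upper())    # SMTP verb sent by the client
        elif m := re.search(r"Sending (\d{3})[ -]", line):
            s["replies"].append(int(m.group(1)))        # first reply code of the response
    s["refused"] = any(code >= 500 for code in s["replies"])
    return s

if __name__ == "__main__":
    print(summarize(SAMPLE))
```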
