From: j.riden at massey.ac.nz (James Riden)
Subject: [SPAM] Spam sent via spambots?

Hugo van der Kooij <hvdkooij@...derkooij.org> writes:

> Sendmail logs also show a significant number of false recipients which
> are known to be part of worms that are by now over 6 months old. Like:
>
> Nov  1 07:16:06 gandalf sendmail[17575]: iA16G3QU017575: ruleset=check_rcpt, arg1=<mary@...derkooij.org>, relay=[221.232.95.12], reject=550 5.7.0 <mary@...derkooij.org>... - REJECTED: KEEP YOUR VIRUS JUNK!; SEE ALSO: http://hvdkooij.xs4all.nl/email.cms
> Nov  1 07:16:07 gandalf sendmail[17575]: iA16G3QU017575: lost input channel from [221.232.95.12] to MTA after rcpt
> Nov  1 07:16:07 gandalf sendmail[17575]: iA16G3QU017575: from=<maria@...cent.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[221.232.95.12]
>
> If there are that many worms going around it only shows how easy it is to
> write your own little SMTP engine. Spammers may have deployed similar
> backdoors/trojans/bots/...

A lot of stuff out there will also HELO as <yourdomain>, or the IP
address of your MX. I'm pretty sure it's a worm, because I can't think
how any MTA/MUA could be that broken.

-- 
James Riden / j.riden@...sey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
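
The HELO behaviour described in the reply above can be checked for on the receiving side. The following is an added example, not part of the original message: it flags sessions where an outside client announces itself with the receiver's own domain or MX address. The domain, addresses, function names and sample sessions are all constructed assumptions.

```python
import ipaddress

# Assumed local configuration (constructed values, not from the post).
LOCAL_DOMAINS = {"example.org"}
LOCAL_MX_IPS = {ipaddress.ip_address("192.0.2.25")}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("127.0.0.0/8")]


def helo_as_ip(helo):
    """Return the IP a HELO argument denotes (bare or [literal]), else None."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def forged_helo_reason(client_ip, helo):
    """Return why the HELO impersonates us, or None if it does not."""
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in TRUSTED_NETS):
        return None  # our own hosts may legitimately use our names
    ip = helo_as_ip(helo)
    if ip is not None:
        return "HELO is our MX address" if ip in LOCAL_MX_IPS else None
    name = helo.strip().rstrip(".").lower()
    if name in LOCAL_DOMAINS:
        return "HELO is our domain"
    return None


# Constructed (client IP, HELO argument) pairs for illustration.
SAMPLE_SESSIONS = [
    ("203.0.113.7", "EXAMPLE.ORG"),        # outside host using our domain
    ("203.0.113.8", "[192.0.2.25]"),       # outside host using our MX literal
    ("198.51.100.4", "mail.example.net"),  # ordinary remote MTA
    ("192.0.2.10", "example.org"),         # our own host
]

if __name__ == "__main__":
    for client_ip, helo in SAMPLE_SESSIONS:
        print(client_ip, helo, "->", forged_helo_reason(client_ip, helo) or "ok")
```

Only an exact match on the domain is flagged; hosts inside the trusted networks are exempt because they may legitimately announce the local name.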


