Date: Sun Oct 30 13:09:51 2005
From: trains at doctorunix.com (trains@...torunix.com)
Subject: Funny smtp helo in the logs

Quoting Aditya Deshmukh <aditya.deshmukh@...ine.gateway.strangled.net>:

> I have been seeing this in my logs on all the public SMTP servers, from
> all over the net.
>
> Anyone know what sends these kinds of HELO?
>
> 124 09/10/2005 09:54:35 HELO -1209283632  --->  250 my.smtp.domain.server
> 125 09/10/2005 09:55:27 HELO -1209747464  --->  250 my.smtp.domain.server

<snip>

> 02D 29/10/2005 20:39:12 HELO -1208865784  --->  250 my.smtp.domain.server
> 017 30/10/2005 11:21:26 HELO -1216191992  --->  250 my.smtp.domain.server

They look like IP addresses to me (1216191992 => 72.125.157.248). I
checked a few and they weren't SMTP listeners. I would go for the
possibility that your mail server is being used as part of a reporting
mechanism to notify the mother ship of vulnerable or infected IP
addresses.

-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact:    services@...torunix.com

