[plug] open relay
Russell Steicke
r.steicke at bom.gov.au
Tue Jul 29 15:50:59 WST 2003
On Tue, Jul 29, 2003 at 01:31:46PM +0800, Jon Miller wrote:
> Thanks Ryan. I registered and ran the test and it showed that my
> system is not an open relay. Now as I'm viewing the packets at my
> gateway using tethereal -i eth1 port 25 | grep -i helo. I can see all
> sorts of domains in this spam bomb attack. Is there a way to stop
> this attack? example:
> 145.560000 192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sky-maps.com
> 166.180000 192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.myaver.com
192.168.3.1 is on your network, I guess. The SMTP HELO command is
issued by the SMTP client at the start of a mail transaction. So this
looks like something on your network sending mail out.

I'd have a close look at 192.168.3.1 to see why it's doing this.
--
Russell Steicke
-- Fortune says:
Nothing will ever be attempted if all possible objections must be first
overcome.
-- Dr. Johnson
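
Added example, not part of the original message: a small Python tally over tethereal summary lines in the format quoted above, grouping HELO/EHLO greetings by the packet source (the SMTP client) and listing clients that announce more than one distinct name. The function names and the "more than one name" threshold are assumptions made for this illustration; the first two sample lines are the ones quoted in the thread and the rest are constructed.

```python
import re
from collections import defaultdict

# Sample capture summary: lines 1-2 are quoted in the thread, lines 3-5 are constructed.
SAMPLE = """\
145.560000 192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sky-maps.com
166.180000 192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.myaver.com
171.020000 192.168.3.1 -> 198.51.100.7 SMTP Command: HELO mail.example.net
180.400000 192.168.3.20 -> 203.153.224.10 SMTP Command: EHLO mail.example.org
190.100000 192.168.3.20 -> 203.153.224.10 SMTP Command: EHLO mail.example.org
"""

# time, source -> destination, then the greeting and the name the client announces
HELO_RE = re.compile(
    r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"SMTP\s+Command:\s+(?:HELO|EHLO)\s+(?P<name>\S+)",
    re.IGNORECASE,
)

def helo_by_client(lines):
    """Map each SMTP client (packet source) to its greeting count, names and servers."""
    stats = defaultdict(lambda: {"greetings": 0, "names": set(), "servers": set()})
    for line in lines:
        m = HELO_RE.match(line)
        if not m:
            continue  # not a HELO/EHLO summary line
        entry = stats[m["src"]]
        entry["greetings"] += 1
        entry["names"].add(m["name"].lower())
        entry["servers"].add(m["dst"])
    return dict(stats)

def suspect_clients(lines, max_names=1):
    """Clients announcing more than max_names distinct names (assumed heuristic)."""
    stats = helo_by_client(lines)
    hits = [(src, len(s["names"]), s["greetings"])
            for src, s in stats.items() if len(s["names"]) > max_names]
    # Most distinct names first, then by address for a stable order
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for src, names, greetings in suspect_clients(SAMPLE.splitlines()):
        print(f"{src}: {greetings} greetings, {names} distinct HELO names")
```

To use it on a real capture, replace SAMPLE with the saved output of the tethereal command quoted above.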