From: Andy Sparrow
To: Mike Tibor
Cc: Heywood Jblome, freebsd-stable@FreeBSD.ORG, andy@CRWdog.demon.co.uk
Subject: Re: Possible trojan since upgrade
Date: Sat, 28 Sep 2002 17:34:17 -0700
Message-Id: <20020929003417.5322C83@CRWdog.demon.co.uk>
In-Reply-To: Message from Mike Tibor of "Sat, 28 Sep 2002 09:35:39 -0800." <20020928093120.N23987-100000@xena.mikey.net>

> On Fri, 27 Sep 2002, Heywood Jblome wrote:
>
> > -----------This is the entry in question--------
> > Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742:
> > from=, size=0, class=0, nrcpts=1,
> > proto=ESMTP, daemon=MTA, relay=[202.80.192.29]
>
> Could this just be someone doing the following:
>
> telnet mx1.zzzzzz.com 25
> helo blah
> mail from:
> quit

Increasingly common spammer trick, as is hitting the lowest-numbered MX in DNS /first/ (and often only) on the principle that it's less likely to be well-secured.
Unfortunately, both tricks often work, as any perusal of slime filters for mail through an ISP account will readily demonstrate.

> I don't really know what that would accomplish, but I've seen stranger
> things.

It'll beat some lame anti-relay implementations.

Cheers,

AS
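
Added example, not part of the original message: a Python script that parses sendmail "from=" log entries and groups the zero-size ones, like the entry quoted in the thread, by relay IP so that repeated empty envelopes from one host stand out. The sample log is constructed around the page's entry; the function names and every log line other than the first are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log. Only the first entry's values come from the thread
# (joined onto one line); the remaining lines are invented for illustration.
SAMPLE_LOG = """\
Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: from=, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[202.80.192.29]
Sep 27 13:50:02 medusa sm-mta[1760]: g8RIo1gt001760: from=<alice@example.org>, size=2310, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.10]
Sep 27 13:50:03 medusa sm-mta[1761]: g8RIo1gt001760: to=<bob@example.net>, delay=00:00:01, mailer=local, stat=Sent
Sep 27 14:02:11 medusa sm-mta[1790]: g8RJ2Agt001790: from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[202.80.192.29]
"""

# syslog prefix, queue ID, then the comma-separated key=value list
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s[\w-]+\[\d+\]:\s"
    r"(?P<qid>\w+):\s(?P<rest>from=.*)$"
)
FIELD_RE = re.compile(r"(\w+)=([^,]*)")
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")


def parse_from_entries(log_text):
    """Return one dict per 'from=' entry; other lines (to=, etc.) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(FIELD_RE.findall(m.group("rest")))
        ip = IP_RE.search(fields.get("relay", ""))
        entries.append({
            "ts": m.group("ts"),
            "qid": m.group("qid"),
            "sender": fields.get("from", "").strip("<> "),
            "size": int(fields.get("size", "0")),
            "nrcpts": int(fields.get("nrcpts", "0")),
            "relay_ip": ip.group(1) if ip else None,
        })
    return entries


def empty_envelopes_by_relay(entries):
    """Map relay IP -> queue IDs of entries that carried no message body."""
    hits = defaultdict(list)
    for e in entries:
        if e["size"] == 0:
            hits[e["relay_ip"]].append(e["qid"])
    return dict(hits)


if __name__ == "__main__":
    for relay, qids in empty_envelopes_by_relay(parse_from_entries(SAMPLE_LOG)).items():
        print(f"{relay}: {len(qids)} zero-size envelope(s): {', '.join(qids)}")
```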