Date: Sat, 28 Sep 2002 21:42:34 -0400 From: "MikeM" <myraq@mgm51.com> To: freebsd-stable@FreeBSD.ORG, "Andy Sparrow" <spadger@best.com>, "Mike Tibor" <tibor@tibor.org> Cc: "Heywood Jblome" <provencial1@yahoo.com>, freebsd-stable@FreeBSD.ORG, andy@CRWdog.demon.co.uk Subject: Re: Possible trojan since upgrade Message-ID: <200209282142340414.000E4F35@home.24cl.com> In-Reply-To: <20020929003417.5322C83@CRWdog.demon.co.uk> References: <20020929003417.5322C83@CRWdog.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/28/2002 at 5:34 PM Andy Sparrow wrote: >> On Fri, 27 Sep 2002, Heywood Jblome wrote: >> >> > -----------This is the entry in question-------- >> > Sep 27 13:44:40 medusa sm-mta[1742]: g8RIiXgt001742: >> > from=<root@zzzzzz.com>, size=0, class=0, nrcpts=1, >> > proto=ESMTP, daemon=MTA, relay=[202.80.192.29] >> >> Could this just be someone doing the following: >> >> telnet mx1.zzzzzz.com 25 >> helo blah >> mail from: <root@zzzzzz.com> >> quit > >Increasinly common spammer trick, as is hitting the lowest-numbered MX >in DNS /first/ (and often only) on the principle that it's less likely >to be well-secured.... ============= Do you mean the MX with the higher number, rather than lower number? For my domain, my backup MX is priority 100, my main MX is priority 0. Or do I have these critters set up backwards? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209282142340414.000E4F35>