"RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)

• Previous message (by thread): Interesting stratum 1 NTP clock
• Next message (by thread): "RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Had a new box on the net for all of two hours, and this pops up on in my
maillog:

Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250
<relayfinder at fnord.net>... Sender ok": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250
<relayfinder at fnord.net>... Recipient ok": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "354 Enter
mail, end with "." on a line by itself": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: from=<relayfinder at fnord.net>,
size=81, class=0, pri=30081, nrcpts=1, msgid=<199806230318.WAA00509@<MY
FQDN WAS HERE>>, proto=SMTP, relay=autumn.news.erols.com [207.172.3.57]
Jun 22 22:18:41 x sendmail[509]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250 WAA00509
Message accepted for delivery": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "503 Need MAIL
before RCPT": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "503 Need MAIL
command": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-Scan-Time: 898571908"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-CIDR-Block: <MY /16 WAS HERE>"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-Relay-Address: <MY IP ADDR WAS HERE>"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "."": Broken pipe
Jun 22 22:19:57 x sendmail[511]: WAA00509: to=<relayfinder at fnord.net>,
delay=00:01:16, xdelay=00:01:16, mailer=esmtp, relay=luser.oneill.net.
[207.96.89.34], stat=Deferred: Operation timed out with
luser.oneill.net.

It looks to me like someone on the host at erols tried to relay through
me, and then mail the potential results to themselves at fnord.net
(relayed via oneill.net).

Is someone attempting to perform a community service here and scan the
entire Internet for relays, or are they collecting relays for evil
purposes?  I can see it now;  buy "10 million relay sites on a cdrom for
$9.99".

Ryan Brooks
ryan at inc.net

• Previous message (by thread): Interesting stratum 1 NTP clock
• Next message (by thread): "RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]