25,000 ton amphibious spam relay

Suresh Ramasubramanian suresh at outblaze.com
Tue Dec 16 22:36:01 UTC 2003

Swaar, Matthew L.  writes on 12/16/2003 3:52 PM:

> E-mailing the DOD-CERT is also another way to try to get these things fixed.
> (...I'm not 100% certain that getting this fixed was the point of this, but
> I
> figured I'd point that out on the off chance.)
> I'm forwarding the header information of this spam to the appropriate folks.

Yup - and this was behind a Raptor firewall, which seems to have added 
to rather than subtracted from the general insecurity of an old exchange 
server, in this case.

>>   > H: Received: from no.name.available by avnavfw.lpd17.navsea.navy.mil
>>   > H:        via smtpd (for []) with SMTP; 16 Dec 2003 
>> 05:53:08 UT

The no.name.available and via smtpd in the top header say it all - and 
so much for smtp proxies trying to munge every single piece of version 
information in sight including the smtp banner, to ensure "security by 
obscurity" :)

>   > H: Received: from avnavfw.AVONDALE ( []) by
>   > H:     swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange 
> Internet Mail
>   > H:     Service Version 5.5.2653.13)

Not that just plain old exchange of such an antique vintage would have 
been anything but secure, nosirree ...

srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations

More information about the NANOG mailing list