At 12:17 PM 4/9/2003 +0100, Matt Sergeant wrote:
This is a bogus assumption. It's much easier to test an open proxy by
testing it can connect somewhere you own, not check that you can relay
mail through it. I have no idea why a spammer would try the latter since
it's much *much* slower. Or you'd even test it can access a known web
site, like Google.
Can you explain why a spammer might try an email first rather than just
check the proxy is functioning?
Sorry, I didn't read the whole thing.
I can't explain, but all he did was HELO and QUIT, no message. It makes
some small amount of sense to verify you can get through the proxy to port
25 someplace, I suppose, but for the real answer you'd need to ask Mr. Spammer.
It was a doubly dumb thing for the spammer to do. First dumb is that of
all the IPs he could have picked he picked mine, where I pay attention to
the logs. The second dumb is that my MTA is old and stupid - it can only
listen to one source at a time. At the time of these tests the MTA was
also busy accepting relay spam so the testing spammer would have to wait
until that long, long transaction finished to make his connection. That
was delayed. As he surely did it using an automated procedure the effect
was just one of inefficiency - he didn't lose personal time.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg