Re: [Asrg] SMTP server connections that disconnect right away

Yakov Shafranovich wrote:

At 11:17 AM 6/27/2003 -0400, Chris Lewis wrote:

Bill Thorson wrote:

ASRG Group,
I've been working on smtp server software and have
noticed something very strange.  We seem to have many
connections made, mostly at night, who connect to
port 25 and then disconnect right after the
220 Server Ready message.   I was believing that I
had a bug in my software but now I am wondering if
this is a bot of some type.   Do spammers run bots
to search for and create lists of mail servers to
attack?  Is this what I'm seeing?



The SMTP "channel" is unbelievably dirty.

On our spamtrap, we see machines making _thousands_ of transactionsthat consist of only:

        HELO somevalue
        QUIT

Have you considering the possibility that they are checking forRMX/rDNS compliance?

Thanks for all the great ideas.  It looks like I'm not alone with these
types of unusual connections.

What is RMX/rDNS?

Bill




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[Asrg] 6 - Designated Relays Inquiry Protocol (DRIP), Raymond S Brand

Next by Date:

[Asrg] The Solution To Spam - The First Response, Mark McCarron

Previous by Thread:

Re: [Asrg] SMTP server connections that disconnect right away, Yakov Shafranovich

Next by Thread:

Re: [Asrg] SMTP server connections that disconnect right away, Chris Lewis

Indexes:

[Date] [Thread] [Top] [All Lists]