ietf-smtp

Re: [ietf-smtp] [Shutup] Levels of proposals

2015-12-04 16:19:26
On 12/04/2015 02:18 PM, Ned Freed wrote:

> We're also getting reports of activities that look like attempts to trick
> MTAs into relay through the use of oddball address formats, some legal,
> some not. Not sure if this is what you're seeing or not.

What you're describing sounds like old-school open relay trickery. Indeed, what you could be seeing is decade-old or older open relay testers being used to scan for "buggy" open relay prevention.

What I'm seeing isn't that at all. What I see is more like "for everybody I want to spam (address A), pick another address (address B), connect to address B's MX, forge the email to be From: address B, and attempt to get B's MX to relay to address A".

However, it's possible that what I'm seeing would shift gears to more obvious trickery if the first attempt failed. If you see the same IP hitting more normal relay rejects before trying the oddball addresses, it could be.

If you send me a log record or received string[s] (off-forum please) I can probably tell for sure.

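One way to tell the two patterns discussed in this thread apart in MTA logs, added here as an example and not code from either poster. It assumes a made-up key=value log layout in chronological order, a hypothetical local domain `example.org`, and treats any address that is not a plain local@domain as "oddball".

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this MX accepts mail for
PLAIN_ADDR = re.compile(r"^[A-Za-z0-9._+-]+@([A-Za-z0-9.-]+)$")
FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed records in a made-up layout (not any real MTA's log format).
SAMPLE_LOG = """\
2015-12-04T10:00:01 ip=203.0.113.7 auth=no from=<bob@example.org> to=<a1@elsewhere.test> result=relay-denied
2015-12-04T10:00:09 ip=203.0.113.7 auth=no from=<bob@example.org> to=<"a1"@elsewhere.test> result=relay-denied
2015-12-04T10:01:30 ip=198.51.100.4 auth=no from=<x@other.test> to=<a2@elsewhere.test> result=relay-denied
2015-12-04T10:02:00 ip=192.0.2.10 auth=yes from=<carol@example.org> to=<friend@elsewhere.test> result=accepted
2015-12-04T10:03:00 ip=192.0.2.55 auth=no from=<dave@other.test> to=<bob@example.org> result=accepted
"""

def parse(line):
    """Split one record into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    rec = dict(FIELD.findall(rest))
    rec["ts"] = ts
    return rec

def domain(addr):
    """Lowercased domain of a plain <local@domain> address, else None."""
    m = PLAIN_ADDR.match(addr.strip("<>"))
    return m.group(1).lower() if m else None

def classify(rec):
    """Label an unauthenticated transaction; None means nothing relay-like."""
    if rec["auth"] == "yes":
        return None
    rcpt, sender = domain(rec["to"]), domain(rec["from"])
    if rcpt is None or sender is None:
        return "oddball-address"
    if rcpt in LOCAL_DOMAINS:
        return None  # ordinary inbound delivery
    return "forged-local-sender" if sender in LOCAL_DOMAINS else "plain-relay"

def per_ip(log):
    """Map client IP -> ordered list of attempt labels."""
    seen = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        rec = parse(line)
        label = classify(rec)
        if label:
            seen[rec["ip"]].append(label)
    return dict(seen)

def shifted_gears(log):
    """IPs with a normal relay attempt logged before their first oddball address."""
    return sorted(ip for ip, labels in per_ip(log).items()
                  if "oddball-address" in labels and labels.index("oddball-address") > 0)
```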