On 12/04/2015 02:18 PM, Ned Freed wrote:
> We're also getting reports of activities that look like attempts to trick
> MTAs into relay through the use of oddball address formats, some legal,
> some not. Not sure if this is what you're seeing or not.

What you're describing sounds like old-school open relay trickery.
Indeed, what you could be seeing is decade or older open relay testers
being used to scan for "buggy" open relay prevention.
What I'm seeing isn't that at all. What I see is more like "for
everybody I want to spam (address A), pick another address (address B),
connect to address B's MX, forge the email to be From: address B, and
attempt to get B's MX to relay to address A".
However, it's possible that what I'm seeing would shift gears to more
obvious trickery if the first attempt failed. If you see the same IP
hitting more normal relay rejects before trying the oddball addresses,
it could be.
If you sent me a log record or received string[s] (off-forum please) I
can probably tell for sure.
ietf-smtp mailing list
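
The check suggested in the message above (does the same IP hit ordinary relay rejects before it tries oddball addresses?) can be run over an MTA's relay-reject records. The following is an added example, not part of the original message; the record layout, the local domain list, and the three oddball forms matched (source route, percent hack, bang path) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: the domains this MX accepts mail for.
LOCAL_DOMAINS = {"example.org"}

# Constructed sample records of rejected relay attempts, in time order:
# (client IP, MAIL FROM, RCPT TO). Not any real MTA's log format.
REJECTS = [
    ("192.0.2.10", "bob@example.org", "victim1@example.net"),
    ("192.0.2.10", "bob@example.org", "victim2%example.net@example.org"),
    ("198.51.100.7", "x@example.com", "@example.org:victim3@example.net"),
    ("203.0.113.5", "carol@example.org", "victim4@example.net"),
]

# Source route (@host:user@dom), percent hack (user%dom@host), bang path (host!user).
ODDBALL = re.compile(r"^@[^:]+:|%[^@]*@|^[^@]*!")

def domain(addr):
    """Domain part after the last '@', lowercased."""
    return addr.rsplit("@", 1)[-1].lower()

def classify(mail_from, rcpt_to):
    """Label one rejected relay attempt by the pattern it shows."""
    if ODDBALL.search(rcpt_to):
        return "oddball"
    # Sender claims to be a local user, recipient is elsewhere:
    # the "forge From: address B at B's own MX" pattern from the message.
    if domain(mail_from) in LOCAL_DOMAINS and domain(rcpt_to) not in LOCAL_DOMAINS:
        return "forged-local-sender"
    return "plain-relay"

def summarize(rejects):
    """Per client IP: ordered labels, and whether oddball forms followed normal rejects."""
    per_ip = defaultdict(list)
    for ip, mail_from, rcpt_to in rejects:
        per_ip[ip].append(classify(mail_from, rcpt_to))
    result = {}
    for ip, kinds in per_ip.items():
        first_odd = kinds.index("oddball") if "oddball" in kinds else None
        # Escalated: at least one ordinary reject came before the first oddball address.
        result[ip] = {"kinds": kinds,
                      "escalated": first_odd is not None and first_odd > 0}
    return result

if __name__ == "__main__":
    for ip, info in summarize(REJECTS).items():
        print(ip, info)
```

An IP marked `escalated` matches the "shift gears" case; an IP showing only `oddball` entries looks more like an old relay tester.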