[IP] more on 25,000 ton spam relay, with photos of it!]
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Tue, 16 Dec 2003 10:16:42 -0500
From: Suresh Ramasubramanian <suresh@xxxxxxxxxx>
Subject: Re: [IP] 25,000 ton spam relay, with photos of it!]
To: dave@xxxxxxxxxx
Cc: Rich Kulawiec <rsk@xxxxxxx>
Dave Farber writes on 12/16/2003 10:08 AM:
> or some nice-and-secure Windows box in the construction drydocks, running
> Microsoft Exchange Internet Mail Service Version 5.5.2653.13
Not just Exchange. That "no.name.available" and "via smtpd (for [connecting
ip])" header suggests that the Exchange box is frontended with a Raptor
firewall.
I have seen more than one misconfigured Raptor frontending an already
secure mailserver (not just your average insecure Exchange / IIS box) turn
the mailserver it frontends into an open relay.
srs
> H: Received: from no.name.available by avnavfw.lpd17.navsea.navy.mil
> H: via smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 05:53:08 UT
> H: Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by
> H: swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange Internet Mail
> H: Service Version 5.5.2653.13)
-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/
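
The header reading described in the message above, as an added Python example that is not part of the original post: it unfolds the quoted Received headers, flags the hop carrying the "no.name.available" / "via smtpd (for [ip])" pattern, and links it to the mail server behind it. The function names are hypothetical, the sample is constructed from the headers quoted in the thread, and treating that pattern as a fronting firewall proxy is the poster's observation, taken here as an assumption.

```python
import re

# Constructed input: the two Received headers quoted in the post, re-folded
# with leading whitespace the way they would appear in a raw message.
SAMPLE = (
    "Received: from no.name.available by avnavfw.lpd17.navsea.navy.mil\n"
    "\tvia smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 05:53:08 UT\n"
    "Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by\n"
    "\tswn-email.lpd17.navy.mil with SMTP (Microsoft Exchange Internet Mail\n"
    "\tService Version 5.5.2653.13)\n"
)

HOP = re.compile(
    r"^Received:\s+from\s+(?P<src>\S+)(?:\s+\((?P<src_info>[^)]*)\))?"
    r"\s+by\s+(?P<by>\S+)(?:\s+via\s+(?P<via>\S+))?"
    r"(?:\s+\(for\s+\[(?P<client_ip>[0-9.]+)\]\))?"
    r"(?:\s+with\s+(?P<proto>\w+))?(?:\s+\((?P<software>[^)]*)\))?",
    re.IGNORECASE,
)

def parse_hops(raw):
    """Unfold continuation lines, then parse each Received header into a dict."""
    unfolded = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()
        elif line.strip():
            unfolded.append(line.strip())
    return [m.groupdict() for m in map(HOP.match, unfolded) if m]

def proxy_fronted_servers(raw):
    """Pair each hop matching the post's pattern with the server behind it."""
    hops = parse_hops(raw)
    findings = []
    for hop in hops:
        # Pattern from the post: "no.name.available" plus "via smtpd (for [ip])".
        if not (hop["src"].lower() == "no.name.available"
                and (hop["via"] or "").lower() == "smtpd" and hop["client_ip"]):
            continue
        label = hop["by"].split(".")[0].lower()
        # Link by hostname rather than header order, which tools may reverse.
        backend = next((h for h in hops
                        if h["src"].split(".")[0].lower() == label), None)
        findings.append({
            "proxy": hop["by"],
            "client_ip": hop["client_ip"],
            "backend": backend["by"] if backend else None,
            "backend_software": backend["software"] if backend else None,
        })
    return findings
```

Running `proxy_fronted_servers(SAMPLE)` returns one finding whose `client_ip` is the address the proxy recorded in its "(for [...])" comment, which is the only place the real connecting host appears once the proxy sits in front of the mail server.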