[prev] [thread] [next] [lurker] [Date index for 2006/10/23]
On Oct 23, 2006, at 12:22 PM, Nicholas Clark wrote: > > When it dies down a bit, are you able to log the HELO strings from > this > hateware, such that it can be made public and shamed by name? I did a quick count of connections per IP address, and after a telnet to port 25 on the top 10 or so, there's three that stand out: 1. mail servers that identify themselves with "220 WebShield SMTP MR2" 2. mail servers that identify themselves with "220 mail.example.com WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Mon Oct 23 19:48:19 2006" (with appropiate values for "mail.example.com" of course) and less useful, but least often of the three: 3, mail servers that identify themselves with "220 SMTP service ready" I even got a few that identified themselves as a Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713, but I've long given up being amazed by the amount of misconfiguration you can do with microsoft products. So if you're evaluating mail server software, I'd advice dropping Network Associates from your considerations. I'm considering adding a new A record for "niet.com", pointing to "127.0.0.1". Let them choke in their own garbage... -JohnThere's stuff above here
Generated at 07:01 on 24 Oct 2006 by mariachi 0.52