Thread: Re: your mail

Re: your mail

From: "Gavin M. Roy"
Date:
My next guess would be some sort of web based software that is being
exploited to send mail.  Zope perhaps?  What sites are running off of
srv2 and have any type of comment form that sends emails?

Gavin

On Dec 10, 2005, at 11:36 PM, Marc G. Fournier wrote:

>
> First I've seen of this, sorry it was overlooked ...
>
> But, borg isn't an open relay:
>
> %rlytest -f scrappy@postgresql.org -u scrappy@hub.org borg.postgresql.org
> Connecting to borg.postgresql.org ...
> <<< 220 borg.postgresql.org ESMTP Sendmail 8.13.1/8.13.1; Sat, 10 Dec 2005 23:31:26 -0800 (PST)
> >>> HELO postgresql.org
> <<< 250 borg.postgresql.org Hello postgresql.org [200.46.204.71], pleased to meet you
> >>> MAIL FROM:<scrappy@postgresql.org>
> <<< 250 2.1.0 <scrappy@postgresql.org>... Sender ok
> >>> RCPT TO:<scrappy@hub.org>
> <<< 550 5.7.1 <scrappy@hub.org>... Relaying denied
> rlytest: relay rejected - final response code 550
>
>
> And I just checked svr2.postgresql.org, and she's closed from what
> I can tell also:
>
> # telnet svr2.postgresql.org smtp
> Trying 65.19.161.25...
> Connected to svr2.postgresql.org.
> Escape character is '^]'.
> 220 svr2.postgresql.org ESMTP Postfix
> ehlo hub.org
> 250-svr2.postgresql.org
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
> 250 8BITMIME
> mail from: scrappy@hub.org
> 250 Ok
> rcpt to: scrappy@freebsd.org
> 554 <scrappy@freebsd.org>: Relay access denied
>
>
> Is there something else I should be testing/checking for?
>
>
>


Re: your mail

From: "Marc G. Fournier"
Date:
On Sat, 10 Dec 2005, Gavin M. Roy wrote:

> My next guess would be some sort of web based software that is being
> exploited to send mail.  Zope perhaps?  What sites are running off of srv2
> and have any type of comment form that sends emails?

Ah, okay ... that I'll have to defer to Dave et al ... Zope is running
over there for techdocs, and there was that python script that we just
recently found ... I'm having a bugger of a time reading the email(s) you
sent, since I can't seem to find where one ends and the next starts ...
the ones I've been able to 'pick out' all seem to revolve around the
1st/2nd of December ... Magnus/Dave, was that about the same time that we
found those errant processes?


>
> Gavin
>
> On Dec 10, 2005, at 11:36 PM, Marc G. Fournier wrote:
>
>>
>> First I've seen of this, sorry it was overlooked ...
>>
>> But, borg isn't an open relay:
>>
>> %rlytest -f scrappy@postgresql.org -u scrappy@hub.org borg.postgresql.org
>> Connecting to borg.postgresql.org ...
>> <<< 220 borg.postgresql.org ESMTP Sendmail 8.13.1/8.13.1; Sat, 10 Dec 2005 23:31:26 -0800 (PST)
>> >>> HELO postgresql.org
>> <<< 250 borg.postgresql.org Hello postgresql.org [200.46.204.71], pleased to meet you
>> >>> MAIL FROM:<scrappy@postgresql.org>
>> <<< 250 2.1.0 <scrappy@postgresql.org>... Sender ok
>> >>> RCPT TO:<scrappy@hub.org>
>> <<< 550 5.7.1 <scrappy@hub.org>... Relaying denied
>> rlytest: relay rejected - final response code 550
>>
>>
>> And I just checked svr2.postgresql.org, and she's closed from what I can
>> tell also:
>>
>> # telnet svr2.postgresql.org smtp
>> Trying 65.19.161.25...
>> Connected to svr2.postgresql.org.
>> Escape character is '^]'.
>> 220 svr2.postgresql.org ESMTP Postfix
>> ehlo hub.org
>> 250-svr2.postgresql.org
>> 250-PIPELINING
>> 250-SIZE 10240000
>> 250-VRFY
>> 250-ETRN
>> 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
>> 250 8BITMIME
>> mail from: scrappy@hub.org
>> 250 Ok
>> rcpt to: scrappy@freebsd.org
>> 554 <scrappy@freebsd.org>: Relay access denied
>>
>>
>> Is there something else I should be testing/checking for?
>>
>>
>>
>

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org           Yahoo!: yscrappy              ICQ: 7615664
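
Added example, not part of either message: a small Python parser that reads the two relay-test sessions quoted in this thread (rlytest output and the raw telnet session), folds multi-line replies such as the EHLO response, and classifies the server's answer to the final RCPT TO. The function names are this example's own, and the telnet EHLO reply is abridged. A rejection here only covers the SMTP relay path; it says nothing about mail submitted locally by software on the host.

```python
import re

# Sessions copied from the thread (quote markers stripped, EHLO reply abridged).
RLYTEST = """\
<<< 220 borg.postgresql.org ESMTP Sendmail 8.13.1/8.13.1; Sat, 10 Dec 2005 23:31:26 -0800 (PST)
>>> HELO postgresql.org
<<< 250 borg.postgresql.org Hello postgresql.org [200.46.204.71], pleased to meet you
>>> MAIL FROM:<scrappy@postgresql.org>
<<< 250 2.1.0 <scrappy@postgresql.org>... Sender ok
>>> RCPT TO:<scrappy@hub.org>
<<< 550 5.7.1 <scrappy@hub.org>... Relaying denied
"""
TELNET = """\
220 svr2.postgresql.org ESMTP Postfix
ehlo hub.org
250-svr2.postgresql.org
250-PIPELINING
250-VRFY
250 8BITMIME
mail from: scrappy@hub.org
250 Ok
rcpt to: scrappy@freebsd.org
554 <scrappy@freebsd.org>: Relay access denied
"""

# Server reply line, with or without rlytest's "<<< " prefix.
REPLY = re.compile(r"^(?:<<< )?(\d{3})([ -])(.*)$")

def exchanges(transcript):
    """Pair each client command with the server's final reply code and joined text."""
    out, cmd, text = [], None, []
    for line in transcript.splitlines():
        m = REPLY.match(line)
        if m:
            text.append(m.group(3))
            if m.group(2) == " ":          # "250 " ends a reply, "250-" continues it
                out.append((cmd, int(m.group(1)), " ".join(text)))
                cmd, text = None, []
        elif line.strip():
            cmd = re.sub(r"^>>> ", "", line).strip()   # drop rlytest's client prefix
    return out

def relay_verdict(transcript):
    """Classify the reply to the last RCPT TO for a recipient outside the server's domains."""
    codes = [code for cmd, code, _ in exchanges(transcript)
             if cmd and cmd.upper().startswith("RCPT TO")]
    if not codes:
        return "no RCPT reply"
    return {2: "accepted", 4: "deferred", 5: "rejected"}.get(codes[-1] // 100, "unknown")
```

An "accepted" verdict means only that the recipient passed the RCPT stage; the server may still refuse the message later in the session.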