
Re: sendmail forgery



Kai-Min Sung wrote:
> 
> Lately I've noticed repeated entries in my /var/spool/maillog looking like
> this:
> 
> maillog:Apr 7 21:16:33 host sendmail[12802]: VAA12802:
> ruleset=check_mail, arg 1=<sd000001 polbox com>, relay=smtp2.polbox.com
> [195.116.6.12] (may be forged), reject=451 <sd000001 polbox com>... Sender
> domain must resolve

I get the following information (doesn't look like polbox):

--------------------- begin screen dump-------------------------------

**rfg amber[/]$ whois 195 116 6 0 whois arin net
[whois.arin.net]
European Regional Internet Registry/RIPE NCC (NETBLK-RIPE-C)
   These addresses have been further assigned to European users.
   Contact information can be found in the RIPE database, via the
   WHOIS and TELNET servers at whois.ripe.net, and at
   http://www.ripe.net/db/whois.html

   Netname: RIPE-CBLK3
   Netblock: 195.0.0.0 - 195.255.255.0
   Maintainer: RIPE

   Coordinator:
      RIPE Network Coordination Centre  (RIPE-NCC-ARIN)  nicdb RIPE NET
      +31 20 535 4444
Fax- - +31 20 535 4445

   Domain System inverse mapping provided by:

   NS.RIPE.NET                  193.0.0.193
   NS.EU.NET                    192.16.202.11
   AUTH03.NS.UU.NET             198.6.1.83
   NS2.NIC.FR                   192.93.0.4
   SUNIC.SUNET.SE               192.36.148.18
   MUNNARI.OZ.AU                128.250.1.21
   NS.APNIC.NET                 203.37.255.97

   To search on arbitrary strings, see the Database page on
   the RIPE NCC web-site at http://www.ripe.net/db/

   Record last updated on 16-Oct-98.
   Database last updated on 8-Apr-99 16:13:42 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.mil for NIPRNET Information.
-------------------end screen dump---------------------------------

My guess is it's a spammer trying you out for size!

-- 
Ramon Gandia ================= Sysadmin ================ Nook Net
http://www.nook.net                                  rfg nook net
285 West First Avenue                           tel. 907-443-7575
P.O. Box 970                                    fax. 907-443-2487
Nome, Alaska 99762-0970 ========== Alaska Toll Free. 888-443-7525
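
For tallying repeated entries like the one quoted above, here is an added example (not part of the original post and not sendmail's own code): a small Python parser that groups ruleset rejections by connecting IP and notes whether sendmail marked the relay name "(may be forged)". The sample log lines are constructed, and the layout is assumed to match the quoted entry.

```python
import re
from collections import defaultdict

# Constructed sample entries shaped like the one quoted above; every host,
# queue ID and address is made up (192.0.2.0/24, 198.51.100.0/24 are doc ranges).
SAMPLE_LOG = """\
Apr  7 21:16:33 host sendmail[12802]: VAA12802: ruleset=check_mail, arg1=<a@nodomain.invalid>, relay=mx.example.net [192.0.2.12] (may be forged), reject=451 <a@nodomain.invalid>... Sender domain must resolve
Apr  7 21:18:02 host sendmail[12810]: VAA12810: ruleset=check_mail, arg1=<b@nodomain.invalid>, relay=mx.example.net [192.0.2.12] (may be forged), reject=451 <b@nodomain.invalid>... Sender domain must resolve
Apr  7 21:20:45 host sendmail[12833]: VAA12833: ruleset=check_rcpt, arg1=<c@example.org>, relay=[198.51.100.7], reject=550 <c@example.org>... Relaying denied
Apr  7 21:21:00 host sendmail[12840]: VAA12840: from=<ok@example.com>, size=812, class=0, nrcpts=1, relay=mail.example.com [192.0.2.50]
"""

# "(may be forged)" is appended when the name found by reverse DNS does not
# resolve back to the connecting address, so the relay name is unverified.
REJECT_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): ruleset=(?P<ruleset>\w+), "
    r"arg ?1=<(?P<arg>[^>]*)>, "
    r"relay=(?:(?P<name>\S+) )?\[(?P<ip>[0-9.]+)\](?P<forged> \(may be forged\))?, "
    r"reject=(?P<code>\d{3}) (?:<[^>]*>\.\.\. )?(?P<reason>.*)$"
)

def parse_rejects(text):
    """Return one dict per ruleset rejection; other log lines are skipped."""
    out = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["forged"] = rec["forged"] is not None
            out.append(rec)
    return out

def summarize(records):
    """Group by connecting IP, which comes from the TCP session, not the client's claims."""
    by_ip = defaultdict(lambda: {"count": 0, "forged": False, "names": set(), "reasons": set()})
    for r in records:
        s = by_ip[r["ip"]]
        s["count"] += 1
        s["forged"] |= r["forged"]
        if r["name"]:
            s["names"].add(r["name"])
        s["reasons"].add(f'{r["code"]} {r["reason"]}')
    return dict(by_ip)

if __name__ == "__main__":
    for ip, s in sorted(summarize(parse_rejects(SAMPLE_LOG)).items(), key=lambda kv: -kv[1]["count"]):
        print(ip, s["count"], "unverified-name" if s["forged"] else "-", sorted(s["names"]), sorted(s["reasons"]))
```
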


