[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: sendmail forgery

From: Nikki Cook <sunny mail suntrix com>
To: redhat-list redhat com
Subject: Re: sendmail forgery
Date: Fri, 09 Apr 1999 06:04:43 -0400

Hi Kai,

It doesn't resolve here either.  They only have a 1/2 Class C according to
RIPE, so they probably aren't handling their own forward and/or there's a
problem with their uplink handling their dns.

To address your "why", I suspect Ramon's first post was accurate, unless
you have an account holder that lives in Poland, who uses Polbox On-Line
Service Provider as their provider.  :)

HTH,

Nikki

--------------------------------
% Rights restricted by copyright. See http://www.ripe.net/db/dbcopyright.html

inetnum:     195.116.6.0 - 195.116.6.127
netname:     POLBOX3
descr:       Polbox On-Line Service Provider
descr:       Warszawa
country:     PL
admin-c:     MFK1-RIPE
tech-c:      WM64-RIPE
status:      ASSIGNED PA
mnt-by:      AS5617-MNT
changed:     wmalek cst tpsa pl 19990223
source:      RIPE

route:       195.116.0.0/16
descr:       TPNET (PL)
descr:       Provider Local Registry
origin:      AS5617
notify:      konradpl zt piotrkow tpsa pl
mnt-by:      AS5617-MNT
changed:     konradpl zt piotrkow tpsa pl 970303
source:      RIPE

person:      Michal Krzeminski
address:     Polbox On-Line Service
address:     Astronomow 3
address:     01-450 Warsaw, Poland
phone:       +48 22 360259
phone:       +48 22 361061
phone:       +48 22 372166
fax-no:      +48 22 360259
e-mail:      mike polbox pl
nic-hdl:     MFK1-RIPE
remarks:     Polbox Network Administrator
changed:     mike polbox com pl 960719
changed:     mike uucp polbox pl 980123
source:      RIPE

person:      Wojciech Malek
address:     TP S.A. Centrum Systemow Teleinformatycznych
address:     ul. Nowogrodzka 47a
address:     00-695 Warszawa
address:     Poland
phone:       +48 22 6224559
fax-no:      +48 22 6252383
e-mail:      wmalek cst tpsa pl
nic-hdl:     WM64-RIPE
changed:     wmalek cst tpsa pl 960910
source:      RIPE

At 02:17 AM 4/9/99 , you wrote:
>Lately I've noticed repeated entries in my /var/spool/maillog looking like
>this:
>
>maillog:Apr 7 21:16:33 host sendmail[12802]: VAA12802:
>ruleset=check_mail, arg 1=<sd000001 polbox com>, relay=smtp2.polbox.com
>[195.116.6.12] (may be forged), reject=451 <sd000001 polbox com>... Sender
>domain must resolve 
>
>-Kai
>FMG Research Group
>UCLA
>kaimin fmg cs ucla edu

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              SunTrix Com Internet Services
                   Daytona Beach, Florida
       PPP and Shell Accounts (904) 258-5434
     WEB Design webdesign mail suntrix com
                  http://www.suntrix.com
                  WEBBnet IRC Network
           irc.webbnet.org | irc.us.webbnet.org
          ftp://ftp.suntrix.com | mail.suntrix.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:
- sendmail forgery
  - From: Kai-Min Sung

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]