North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

"RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)

  • From: Ryan K. Brooks
  • Date: Wed Jun 24 11:41:36 1998

Had a new box on the net for all of two hours, and this pops up on in my
maillog:

Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250
<[email protected]>... Sender ok": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250
<[email protected]>... Recipient ok": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "354 Enter
mail, end with "." on a line by itself": Broken pipe
Jun 22 22:18:41 x sendmail[509]: WAA00509: from=<[email protected]>,
size=81, class=0, pri=30081, nrcpts=1, msgid=<[email protected]<MY
FQDN WAS HERE>>, proto=SMTP, relay=autumn.news.erols.com [207.172.3.57]
Jun 22 22:18:41 x sendmail[509]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "250 WAA00509
Message accepted for delivery": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "503 Need MAIL
before RCPT": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "503 Need MAIL
command": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-Scan-Time: 898571908"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-CIDR-Block: <MY /16 WAS HERE>"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "X-Relay-Address: <MY IP ADDR WAS HERE>"": Broken pipe
Jun 22 22:18:41 x sendmail[508]: NOQUEUE: SYSERR: putoutmsg
(autumn.news.erols.com): error on output channel sending "500 Command
unrecognized: "."": Broken pipe
Jun 22 22:19:57 x sendmail[511]: WAA00509: to=<[email protected]>,
delay=00:01:16, xdelay=00:01:16, mailer=esmtp, relay=luser.oneill.net.
[207.96.89.34], stat=Deferred: Operation timed out with
luser.oneill.net.

It looks to me like someone on the host at erols tried to relay through
me, and then mail the potential results to themselves at fnord.net
(relayed via oneill.net).

Is someone attempting to perform a community service here and scan the
entire Internet for relays, or are they collecting relays for evil
purposes?  I can see it now;  buy "10 million relay sites on a cdrom for
$9.99".

Ryan Brooks
[email protected]