North American Network Operators Group


Re: 25,000 ton amphibious spam relay

  • From: Suresh Ramasubramanian
  • Date: Tue Dec 16 17:39:29 2003

Swaar, Matthew L.  writes on 12/16/2003 3:52 PM:

E-mailing the DOD-CERT is also another way to try to get these things fixed.

(...I'm not 100% certain that getting this fixed was the point of this, but
figured I'd point that out on the off chance.)

I'm forwarding the header information of this spam to the appropriate folks.

Yup - and this was behind a Raptor firewall, which seems to have added to rather than subtracted from the general insecurity of an old Exchange server, in this case.

> H: Received: from by
> H: via smtpd (for []) with SMTP; 16 Dec 2003 05:53:08 UT
The and via smtpd in the top header say it all - and so much for smtp proxies trying to munge every single piece of version information in sight including the smtp banner, to ensure "security by obscurity" :)

> H: Received: from avnavfw.AVONDALE ( []) by
> H: with SMTP (Microsoft Exchange Internet Mail
> H: Service Version 5.5.2653.13)
Not that just plain old Exchange of such an antique vintage would have been anything but secure, nosirree ...

srs (postmaster|suresh) // gpg : EDEDEFB9
manager, security and antispam operations
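
An added example, not part of the original message: a short Python audit a mail administrator could run over headers from their own outbound mail to see what the Received chain still discloses after the SMTP banner has been scrubbed, which is the point made above. The hostnames and addresses in the sample are constructed placeholders, and the function and rule names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample modelled on the two Received lines quoted above.
# Hostnames and IPs are placeholders (example.* and 192.0.2.0/24).
SAMPLE = """\
Received: from mail.example.mil by relay.example.net
\tvia smtpd (for mx.example.org [192.0.2.25]) with SMTP; 16 Dec 2003 05:53:08 UT
Received: from avnavfw.AVONDALE (fw.example.mil [192.0.2.10]) by mail.example.mil
\twith SMTP (Microsoft Exchange Internet Mail
\tService Version 5.5.2653.13)
Subject: constructed test message

body
"""

# Hypothetical rule names. Each regex runs on an unfolded Received value.
RULES = [
    # A "via <token> (for ...)" clause names the relaying component.
    ("relay-token", re.compile(r"\bvia (\S+) \(for ")),
    # A parenthesised comment carrying a product name and dotted version.
    ("software-version", re.compile(r"\(([^()]*?\bVersion \d+(?:\.\d+)+)\)")),
]


def audit_received(raw_message):
    """Return (hop, rule, detail) for each disclosure in the Received chain.

    Hop 0 is the topmost header, i.e. the most recent relay.
    """
    msg = message_from_string(raw_message)
    findings = []
    for hop, value in enumerate(msg.get_all("Received") or []):
        unfolded = " ".join(value.split())  # collapse folded whitespace
        for name, pattern in RULES:
            for match in pattern.finditer(unfolded):
                findings.append((hop, name, match.group(1)))
    return findings


if __name__ == "__main__":
    for hop, rule, detail in audit_received(SAMPLE):
        print(f"hop {hop}: {rule}: {detail}")
```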