magpage.com blocked

Vernon Schryver vjs@calcite.rhyolite.com
Tue Feb 26 02:09:55 UTC 2002


I've just added magpage.com to the Rhyolite Software list of unwelcome domains
because of the enclosed dccm log file entry showing an attempt to
relay mail through this system.

No one at Rhyolite Software has ever sent any mail to any magpage.com
SMTP server.  Thus, in my view, this test was unprovoked and so 
indistinguishable from the efforts of any other spammer.

In checking logs, I see what looks like an effort by a rsk@magpage.com
to subscribe to this mailing list:
Feb 25 15:10:12 calcite sendmail[24630]: g1PM84Cg024599: to=<rsk@magpage.com>, delay=00:02:08, xdelay=00:00:02, mailer=esmtp, pri=708314, relay=trinity.magpage.com. [216.155.0.8], dsn=2.0.0, stat=Sent (g1PMAB657010 Message accepted for delivery)
If that is what triggered the relay attack by magpage.com, the relay
attack remains unprovoked.

The Magpage.com nonsense about SMTP welcome banner is offensive,
because it is impossible for ordinary users to see or even understand.
Such testing by every system of every other system is not only insulting;
it does not scale.  Magpage.com will remain in the Rhyolite Software
list of unwelcome domains as "unable to play nicely with others."


Vernon Schryver    vjs@rhyolite.com



DATE: 02/25/02 15:10:18 MST
IP: moose.magpage.com ::ffff:216.155.0.30
HELO: trinity.magpage.com
env_From: <relaytest@magpage.com>
env_To: <relaytest@magpage.com>

Subject: Hello!

Magpage performs a relay test on all hosts that send us email. This test is conducted at most once in a 60 day period, and after that 60 day period, only when one of your users sends us a new message. This test is clearly defined in our server's SMTP welcome banner. Any information about open relay status gathered will not be distributed to anyone, and is for internal blacklists only.
Magpage Support

RRT_AUTH_KEY: 3233561859


### end of message body ########################
sendmail.cf-->{dcc_isspam}: "DISCARD: Relaying denied  Sent to DCC"

/var/dcc/whiteclnt-->spam

X-DCC--Metrics: calcite.rhyolite.com 101; Body=many Fuz1=many Fuz2=many

        IP: 06112e92 37a427bf 261d3c93 bdd029aa              
  env_From: e75e936d b685d35e 43c44db5 825b97ad              
substitute: 3a1fc838 3a44fdd7 9efd98c1 f71d3c9a              helo
Message-ID: d41d8cd9 8f00b204 e9800998 ecf8427e  many        
      Body: 2d1f1855 87211be3 69dd50b0 bbc652ad              
      Fuz1: b0edb88b 1cd93960 5a582707 589c49dc              
      Fuz2: 6af3fa8c fd74f3b2 85104210 14662b7f              

result: discard
targets: spam



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.