SMTP harrasment by nie2.infomail.es?

From: Hugo van der Kooij (hvdkooij@vanderkooij.org)
Date: 11/23/02

  • Next message: H C: "RE: increased attacks on port 2599" 
    Date: Sat, 23 Nov 2002 13:13:36 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: Incidents Mailing List <incidents@securityfocus.com>

    Hi,

    Over the months I get burst of SMTP attempts from nie2.infomail.es that
    seem to indicate a broken SMTP server.

    I reject email from them ever since complaints about spam were bounced as
    critical users like postmaster were not present.

    However them seem to ignore the SMTP specs and resend messages for a
    period untill they give up. As shown in a sample of my log for the last
    60 minutes alone:

    Nov 23 11:47:15 ultra1 sendmail[17464]: gANAlF517464: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    Nov 23 12:03:03 ultra1 sendmail[17877]: gANB33517877: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    Nov 23 12:14:11 ultra1 sendmail[18492]: gANBEB518492: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    Nov 23 12:27:45 ultra1 sendmail[18724]: gANBRj518724: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms
    Nov 23 12:44:06 ultra1 sendmail[19010]: gANBi6519010: ruleset=check_relay, arg1=nie2.infomail.es, arg2=195.235.39.19, relay=nie2.infomail.es [195.235.39.19], reject=570 5.0.0 i'm denying smtp sessions from your system - see also http://hvdkooij.xs4all.nl/email.cms

    Could someone verify this?

    Hugo. 

    -- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij@vanderkooij.org		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com