SAIX RBL Scans - Interesting....

Brandon

Good day

Please mail below.

Regards
Willy

----- Original Message -----
From: "Jaco Lesch" <[email protected]>
To: "SAIX Abuse" <[email protected]>
Sent: Wednesday, March 30, 2005 8:37 AM
Subject: Re: Fw: This mail server does not relay SAIX mail!!!!


> Willy
>
> Well I am glad to see some people know how to configure and secure
> MDaemon properly.
>
> Yes we are probing all logged in ADSL users for open SMTP relays on a
> continuous basis. These open relay IPs then get blocked from using
> smtp.saix.net as their outgoing relay. This is to ensure that
> smtp.saix.net does not get listed as a 3rd party relay by various RBLs
> and large email providers, i.e. Yahoo, Hotmail and AOL.
>
> You can find some more info on the following URL:
> http://www.saix.net/smtp/rbl-faq.html
>
> Regards
>
> ---
> Jaco Lesch
> SAIX HLS
> Email: [email protected]
>
>
>
> SAIX Abuse wrote:
>
> >Jaco
> >
> >Please assist.
> >
> >Regards
> >Willy
> >
> >----- Original Message -----
> >From: <Postmaster>
> >To: <[email protected]>
> >Sent: Thursday, March 24, 2005 4:45 PM
> >Subject: This mail server does not relay SAIX mail!!!!
> >
> >
> >
> >
> >>This mail server does not relay to saix recipients.
> >>ctb-netw1.saix.net does not seem to understand 550 and keeps retrying;
> >>This has been occurring for the past 2 weeks.
> >>Log:
> >>
> >>Thu 2005-03-24 11:55:43: ----------
> >>Thu 2005-03-24 11:55:43: Session 1543; child 1; thread 804
> >>Thu 2005-03-24 11:55:40: [1543:1] Accepting SMTP connection from [196.43.2.30 : 48386]
> >>Thu 2005-03-24 11:55:40: [1543:1] Looking up PTR record for 196.43.2.30 (30.2.43.196.IN-ADDR.ARPA)
> >>Thu 2005-03-24 11:55:40: [1543:1] D=30.2.43.196.IN-ADDR.ARPA TTL=(1309) PTR=[ctb-netw1.saix.net]
> >>Thu 2005-03-24 11:55:40: [1543:1] Gathering A-records for PTR hosts
> >>Thu 2005-03-24 11:55:40: [1543:1] D=ctb-netw1.saix.net TTL=(1398) A=[196.43.2.30]
> >>Thu 2005-03-24 11:55:40: [1543:1] --> 220- ESMTP MDaemon 7.2.3; Thu, 24 Mar 2005 11:55:40 +0200
> >>Thu 2005-03-24 11:55:40: [1543:1] --> 220-Station2:
> >>Thu 2005-03-24 11:55:40: [1543:1] --> 220-Unauthorized use prohibited,
> >>Thu 2005-03-24 11:55:40: [1543:1] --> 220 All transactions and IP addresses are logged!
> >>Thu 2005-03-24 11:55:40: [1543:1] <-- HELO ctb-netw1
> >>Thu 2005-03-24 11:55:40: [1543:1] Performing lookup on ctb-netw1 (looking for 196.43.2.30)
> >>Thu 2005-03-24 11:55:40: [1543:1] D=ctb-netw1 TTL=(1334) A=[196.43.2.30]
> >>Thu 2005-03-24 11:55:40: [1543:1] --> 250 Hello ctb-netw1.saix.net, pleased to meet you
> >>Thu 2005-03-24 11:55:40: [1543:1] <-- MAIL FROM:<[email protected]>
> >>Thu 2005-03-24 11:55:40: [1543:1] Performing lookup on yahoo.com (looking for 196.43.2.30)
> >>Thu 2005-03-24 11:55:40: [1543:1] D=yahoo.com TTL=(0) A=[216.109.112.135]
> >>Thu 2005-03-24 11:55:41: [1543:1] P=005 D=yahoo.com TTL=(33) MX=[mx4.mail.yahoo.com]
> >>Thu 2005-03-24 11:55:41: [1543:1] P=001 D=yahoo.com TTL=(33) MX=[mx3.mail.yahoo.com]
> >>Thu 2005-03-24 11:55:41: [1543:1] P=001 D=yahoo.com TTL=(33) MX=[mx2.mail.yahoo.com]
> >>Thu 2005-03-24 11:55:41: [1543:1] P=001 D=yahoo.com TTL=(33) MX=[mx1.mail.yahoo.com]
> >>Thu 2005-03-24 11:55:41: [1543:1] D=yahoo.com TTL=(0) A=[216.109.112.135]
> >>Thu 2005-03-24 11:55:41: [1543:1] D=yahoo.com TTL=(0) A=[66.94.234.13]
> >>Thu 2005-03-24 11:55:41: [1543:1] D=yahoo.com TTL=(0) A=[216.109.112.135]
> >>Thu 2005-03-24 11:55:41: [1543:1] D=yahoo.com TTL=(0) A=[66.94.234.13]
> >>Thu 2005-03-24 11:55:41: [1543:1] Performing SPF lookup (196.43.2.30 trying to send as [email protected])
> >>Thu 2005-03-24 11:55:41: [1543:1] SPF result: none; no SPF record
> >>Thu 2005-03-24 11:55:41: [1543:1] Spam Blocker is checking 196.43.2.30 (connecting IP)
> >>Thu 2005-03-24 11:55:42: [1543:1] * relaywatcher.n13mbl.com - passed
> >>Thu 2005-03-24 11:55:42: [1543:1] * opm.blitzed.org - passed
> >>Thu 2005-03-24 11:55:42: [1543:1] * relays.ordb.org - passed
> >>Thu 2005-03-24 11:55:42: [1543:1] Spam Blocker is finished
> >>Thu 2005-03-24 11:55:42: [1543:1] --> 250 <[email protected]>, Sender ok
> >>Thu 2005-03-24 11:55:43: [1543:1] <-- RCPT TO:<[email protected]>
> >>Thu 2005-03-24 11:55:43: [1543:1] Sender attempted to deliver message to unknown address
> >>Thu 2005-03-24 11:55:43: [1543:1] --> 550 <[email protected]>, Recipient unknown
> >>Thu 2005-03-24 11:55:43: [1543:1] <-- QUIT
> >>Thu 2005-03-24 11:55:43: [1543:1] --> 221 See ya in cyberspace
> >>Thu 2005-03-24 11:55:43: [1543:1] SMTP session successful (Bytes in/out: 77/344)
> >>Thu 2005-03-24 11:55:43: ----------
> >>Thu 2005-03-24 15:05:35: * relaywatcher.n13mbl.com - passed
> >>Thu 2005-03-24 15:05:35: * opm.blitzed.org - passed
> >>Thu 2005-03-24 15:05:35: * relays.ordb.org - passed
> >>Thu 2005-03-24 15:05:35: ----------
> >>Thu 2005-03-24 15:05:35: Session 1574; child 1; thread 836
> >>Thu 2005-03-24 15:05:32: [1574:1] Accepting SMTP connection from [196.43.2.30 : 50954]
> >>Thu 2005-03-24 15:05:32: [1574:1] Looking up PTR record for 196.43.2.30 (30.2.43.196.IN-ADDR.ARPA)
> >>Thu 2005-03-24 15:05:32: [1574:1] D=30.2.43.196.IN-ADDR.ARPA TTL=(1379) PTR=[ctb-netw1.saix.net]
> >>Thu 2005-03-24 15:05:32: [1574:1] Gathering A-records for PTR hosts
> >>Thu 2005-03-24 15:05:32: [1574:1] D=ctb-netw1.saix.net TTL=(1380) A=[196.43.2.30]
> >>Thu 2005-03-24 15:05:32: [1574:1] --> 220- ESMTP MDaemon 7.2.3; Thu, 24 Mar 2005 15:05:32 +0200
> >>Thu 2005-03-24 15:05:32: [1574:1] --> 220-Station2:
> >>Thu 2005-03-24 15:05:32: [1574:1] --> 220-Unauthorized use prohibited,
> >>Thu 2005-03-24 15:05:32: [1574:1] --> 220 All transactions and IP addresses are logged!
> >>Thu 2005-03-24 15:05:32: [1574:1] <-- HELO ctb-netw1
> >>Thu 2005-03-24 15:05:32: [1574:1] Performing lookup on ctb-netw1 (looking for 196.43.2.30)
> >>Thu 2005-03-24 15:05:32: [1574:1] D=ctb-netw1 TTL=(1344) A=[196.43.2.30]
> >>Thu 2005-03-24 15:05:32: [1574:1] --> 250 Hello ctb-netw1.saix.net, pleased to meet you
> >>Thu 2005-03-24 15:05:32: [1574:1] <-- MAIL FROM:<[email protected]>
> >>Thu 2005-03-24 15:05:32: [1574:1] Performing lookup on yahoo.com (looking for 196.43.2.30)
> >>Thu 2005-03-24 15:05:32: [1574:1] D=yahoo.com TTL=(2) A=[216.109.112.135]
> >>Thu 2005-03-24 15:05:32: [1574:1] P=005 D=yahoo.com TTL=(21) MX=[mx4.mail.yahoo.com]
> >>Thu 2005-03-24 15:05:32: [1574:1] P=001 D=yahoo.com TTL=(21) MX=[mx3.mail.yahoo.com]
> >>Thu 2005-03-24 15:05:32: [1574:1] P=001 D=yahoo.com TTL=(21) MX=[mx2.mail.yahoo.com]
> >>Thu 2005-03-24 15:05:32: [1574:1] P=001 D=yahoo.com TTL=(21) MX=[mx1.mail.yahoo.com]
> >>Thu 2005-03-24 15:05:32: [1574:1] D=yahoo.com TTL=(2) A=[66.94.234.13]
> >>Thu 2005-03-24 15:05:32: [1574:1] D=yahoo.com TTL=(2) A=[216.109.112.135]
> >>Thu 2005-03-24 15:05:32: [1574:1] D=yahoo.com TTL=(2) A=[66.94.234.13]
> >>Thu 2005-03-24 15:05:32: [1574:1] D=yahoo.com TTL=(2) A=[216.109.112.135]
> >>Thu 2005-03-24 15:05:32: [1574:1] Performing SPF lookup (196.43.2.30 trying to send as [email protected])
> >>Thu 2005-03-24 15:05:33: [1574:1] SPF result: none; no SPF record
> >>Thu 2005-03-24 15:05:33: [1574:1] Spam Blocker is checking 196.43.2.30 (connecting IP)
> >>Thu 2005-03-24 15:05:34: [1574:1] * relaywatcher.n13mbl.com - passed
> >>Thu 2005-03-24 15:05:34: [1574:1] * opm.blitzed.org - passed
> >>Thu 2005-03-24 15:05:35: [1574:1] * relays.ordb.org - passed
> >>Thu 2005-03-24 15:05:35: [1574:1] Spam Blocker is finished
> >>Thu 2005-03-24 15:05:35: [1574:1] --> 250 <[email protected]>, Sender ok
> >>Thu 2005-03-24 15:05:35: [1574:1] <-- RCPT TO:<[email protected]>
> >>Thu 2005-03-24 15:05:35: [1574:1] Sender attempted to deliver message to unknown address
> >>Thu 2005-03-24 15:05:35: [1574:1] --> 550 <[email protected]>, Recipient unknown
> >>Thu 2005-03-24 15:05:35: [1574:1] <-- QUIT
> >>Thu 2005-03-24 15:05:35: [1574:1] --> 221 See ya in cyberspace
> >>Thu 2005-03-24 15:05:35: [1574:1] SMTP session successful (Bytes in/out: 77/344)
> >>Thu 2005-03-24 15:05:35: ----------


Nice to get a reply from the SAIX Abuse guys!
 
An open relay is a mail server (could be your PC or a proper server) that relays anybody's email -- including spammers. A trojan horse or a virus or some other malicious program could make your PC an open relay. Since open relays and open proxies are abused by spammers, having an open relay or open proxy is considered abuse.

One downside of an open relay or open proxy for an ADSL user is that the spammer will hammer your bandwidth and you will reach your cap (if you have one) much sooner.
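
The probe pattern in the log quoted in the first post (a remote host offering mail from an outside sender to an outside recipient, answered with 550) can be pulled out of a mail log mechanically. The Python below is an added example, not part of the original posts and not MDaemon or SAIX code; the log lines are constructed in the same style, and `LOCAL_DOMAINS`, the addresses and the IPs are assumptions.

```python
import re
from collections import Counter

LOCAL_DOMAINS = {"mail.example.org"}  # assumption: domains this server accepts mail for
# Constructed sample in the style of the MDaemon log quoted in the first post;
# every address, IP and session number below is made up.
SAMPLE_LOG = """\
Thu 2005-03-24 11:55:40: [1543:1] Accepting SMTP connection from [192.0.2.30 : 48386]
Thu 2005-03-24 11:55:40: [1543:1] <-- MAIL FROM:<probe@example.com>
Thu 2005-03-24 11:55:43: [1543:1] <-- RCPT TO:<check@example.net>
Thu 2005-03-24 11:55:43: [1543:1] --> 550 <check@example.net>, Recipient unknown
Thu 2005-03-24 15:05:32: [1574:1] Accepting SMTP connection from [192.0.2.30 : 50954]
Thu 2005-03-24 15:05:32: [1574:1] <-- MAIL FROM:<probe@example.com>
Thu 2005-03-24 15:05:35: [1574:1] <-- RCPT TO:<check@example.net>
Thu 2005-03-24 15:05:35: [1574:1] --> 550 <check@example.net>, Recipient unknown
Thu 2005-03-24 16:10:02: [1580:1] Accepting SMTP connection from [198.51.100.7 : 40112]
Thu 2005-03-24 16:10:02: [1580:1] <-- MAIL FROM:<alice@example.com>
Thu 2005-03-24 16:10:03: [1580:1] <-- RCPT TO:<bob@mail.example.org>
Thu 2005-03-24 16:10:03: [1580:1] --> 250 <bob@mail.example.org>, Recipient ok
"""
LINE = re.compile(r"^\w{3} [\d-]+ [\d:]+ \[(\d+):\d+\] (.*)$")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def relay_attempts(log_text, local=LOCAL_DOMAINS):
    """Return (ip, sender, rcpt, verdict) for each RCPT where neither side is local."""
    sessions, found = {}, []
    for raw in log_text.splitlines():
        if not (m := LINE.match(raw)):
            continue
        s = sessions.setdefault(m.group(1), {"ip": None, "sender": "", "pending": None})
        body = m.group(2)
        if c := re.search(r"connection from \[([\d.]+)", body):
            s["ip"] = c.group(1)
        elif f := re.match(r"<-- MAIL FROM:<([^>]*)>", body):
            s["sender"] = f.group(1)
        elif r := re.match(r"<-- RCPT TO:<([^>]*)>", body):
            s["pending"] = r.group(1)  # wait for the server's next reply line
        elif s["pending"] and (a := re.match(r"--> (\d{3})[ -]", body)):
            rcpt, s["pending"] = s["pending"], None
            if domain(s["sender"]) not in local and domain(rcpt) not in local:
                verdict = "RELAYED" if a.group(1).startswith("2") else "REFUSED"
                found.append((s["ip"], s["sender"], rcpt, verdict))
    return found

def repeat_sources(attempts):
    """Count relay attempts per connecting IP to spot a prober that keeps retrying."""
    return Counter(ip for ip, *_ in attempts)
```

A `RELAYED` verdict means the server accepted an outside-to-outside recipient, which is the open-relay behaviour described above; `REFUSED` is what a correctly configured server logs for the same probe.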
 
I know this is a bit off topic, but I mean Telkom/SAIX is useless and they get this right. Sentech can't get it right to close their open transparent proxy relays.
WTF?
I mean it's like saying SAIX > Sentech...it just does not compute captain...

*sigh*
 