Koozali.org: home of the SME Server

[qpsmtpd/current log] PayPal spoof?

piran
« on: October 30, 2006, 02:53:30 PM »
Have not seen this sort of stuff in the qpsmtpd/current log.
Nothing 'got through' and, thankfully, SME7 seems to have handled the situation impeccably.
Brief explanation of what occurred... IOW they were trying to do what?

Code:
2006-10-30 12:52:48.264564500 14012 Accepted connection 0/40 from 69.26.136.10 / ns20.britsys.net
2006-10-30 12:52:48.264760500 14012 Connection from ns20.britsys.net [69.26.136.10]
2006-10-30 12:52:48.265296500 14012 running plugin (connect): check_earlytalker
2006-10-30 12:52:48.265959500 14012 check_earlytalker plugin: remote host started talking before we said hello [69.26.136.10]
2006-10-30 12:52:48.266223500 14012 Plugin check_earlytalker, hook connect returned DENYSOFT, Connecting host started transmitting before SMTP greeting
2006-10-30 12:52:48.266374500 14012 450 Connecting host started transmitting before SMTP greeting
2006-10-30 12:52:48.693952500 15847 cleaning up after 14012
2006-10-30 12:55:52.761272500 14131 Accepted connection 0/40 from 69.26.136.10 / ns20.britsys.net
2006-10-30 12:55:52.761467500 14131 Connection from ns20.britsys.net [69.26.136.10]
2006-10-30 12:55:52.762003500 14131 running plugin (connect): check_earlytalker
2006-10-30 12:55:53.762070500 14131 check_earlytalker plugin: remote host said nothing spontaneous, proceeding
2006-10-30 12:55:53.762340500 14131 Plugin check_earlytalker, hook connect returned DECLINED,
2006-10-30 12:55:53.762472500 14131 running plugin (connect): check_relay
2006-10-30 12:55:53.762662500 14131 trying to get config for relayclients
2006-10-30 12:55:53.763058500 14131 trying to get config for morerelayclients
2006-10-30 12:55:53.763316500 14131 Plugin check_relay, hook connect returned DECLINED,
2006-10-30 12:55:53.763448500 14131 running plugin (connect): check_norelay
2006-10-30 12:55:53.763610500 14131 trying to get config for norelayclients
2006-10-30 12:55:53.763957500 14131 Plugin check_norelay, hook connect returned DECLINED,
2006-10-30 12:55:53.764089500 14131 running plugin (connect): whitelist_soft
2006-10-30 12:55:53.764300500 14131 trying to get config for whitelisthosts
2006-10-30 12:55:53.764505500 14131 Plugin whitelist_soft, hook connect returned DECLINED,
2006-10-30 12:55:53.764637500 14131 running plugin (connect): dnsbl
2006-10-30 12:55:53.764871500 14131 dnsbl plugin: RBLSMTPD not set for 69.26.136.10
2006-10-30 12:55:53.765002500 14131 trying to get config for dnsbl_allow
2006-10-30 12:55:53.765371500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:53.766357500 14131 dnsbl plugin: Checking 10.136.26.69.dnsbl.burnt-tech.com for TXT record in the background
2006-10-30 12:55:53.768365500 14131 dnsbl plugin: Checking 10.136.26.69.rbldns0.sorbs.net for TXT record in the background
2006-10-30 12:55:53.769199500 14131 dnsbl plugin: Checking 10.136.26.69.korea.services.net for TXT record in the background
2006-10-30 12:55:53.769899500 14131 dnsbl plugin: Checking 10.136.26.69.dnsbl.tqmcube.com for TXT record in the background
2006-10-30 12:55:53.770560500 14131 dnsbl plugin: Checking 10.136.26.69.psbl.surriel.com for TXT record in the background
2006-10-30 12:55:53.771352500 14131 dnsbl plugin: Checking 10.136.26.69.cbl.abuseat.org for TXT record in the background
2006-10-30 12:55:53.771936500 14131 dnsbl plugin: Checking 10.136.26.69.dnsbl-2.uceprotect.net for TXT record in the background
2006-10-30 12:55:53.772597500 14131 dnsbl plugin: Checking 10.136.26.69.dnsbl.njabl.org for TXT record in the background
2006-10-30 12:55:53.773402500 14131 dnsbl plugin: Checking 10.136.26.69.dnsbl-3.uceprotect.net for TXT record in the background
2006-10-30 12:55:53.773984500 14131 dnsbl plugin: Checking 10.136.26.69.dnsbl-1.uceprotect.net for TXT record in the background
2006-10-30 12:55:53.774671500 14131 dnsbl plugin: Checking 10.136.26.69.relays.nether.net for TXT record in the background
2006-10-30 12:55:53.778166500 14131 dnsbl plugin: Checking 10.136.26.69.sbl-xbl.spamhaus.org for TXT record in the background
2006-10-30 12:55:53.778168500 14131 dnsbl plugin: Checking 10.136.26.69.dynablock.njabl.org for TXT record in the background
2006-10-30 12:55:53.778169500 14131 dnsbl plugin: Checking 10.136.26.69.virbl.dnsbl.bit.nl for TXT record in the background
2006-10-30 12:55:53.778170500 14131 dnsbl plugin: Checking 10.136.26.69.bl.spamcop.net for TXT record in the background
2006-10-30 12:55:53.778171500 14131 dnsbl plugin: Checking 10.136.26.69.relays.ordb.org for TXT record in the background
2006-10-30 12:55:53.778840500 14131 dnsbl plugin: Checking 10.136.26.69.bl.spamcannibal.org for TXT record in the background
2006-10-30 12:55:53.779467500 14131 dnsbl plugin: Checking 10.136.26.69.whois.rfc-ignorant.org for TXT record in the background
2006-10-30 12:55:53.780213500 14131 Plugin dnsbl, hook connect returned DECLINED,
2006-10-30 12:55:53.780366500 14131 trying to get config for smtpgreeting
2006-10-30 12:55:53.780656500 14131 220 xxxxxxxxxxxxxxxxxxxxx ESMTP
2006-10-30 12:55:53.780861500 14131 trying to get config for timeoutsmtpd
2006-10-30 12:55:53.781039500 14131 trying to get config for timeout
2006-10-30 12:55:54.002767500 14131 dispatching HELO ns20.britsys.net
2006-10-30 12:55:54.002974500 14131 running plugin (helo): whitelist_soft
2006-10-30 12:55:54.003131500 14131 trying to get config for whitelisthelo
2006-10-30 12:55:54.003355500 14131 Plugin whitelist_soft, hook helo returned DECLINED,
2006-10-30 12:55:54.003490500 14131 running plugin (helo): check_spamhelo
2006-10-30 12:55:54.003686500 14131 trying to get config for badhelo
2006-10-30 12:55:54.004038500 14131 Plugin check_spamhelo, hook helo returned DECLINED,
2006-10-30 12:55:54.004196500 14131 trying to get config for me
2006-10-30 12:55:54.004471500 14131 250 xxxxxxxxxxxxxxxxxxxxx Hi ns20.britsys.net [69.26.136.10]; I am so happy to meet you.
2006-10-30 12:55:54.183806500 14131 dispatching MAIL FROM: <paypal@paypal.com>
2006-10-30 12:55:54.184102500 14131 full from_parameter: FROM: <paypal@paypal.com>
2006-10-30 12:55:54.184225500 14131 from email address : [<paypal@paypal.com>]
2006-10-30 12:55:54.184817500 14131 running plugin (mail): whitelist_soft
2006-10-30 12:55:54.185012500 14131 trying to get config for whitelistsenders
2006-10-30 12:55:54.185486500 14131 Plugin whitelist_soft, hook mail returned DECLINED,
2006-10-30 12:55:54.185618500 14131 running plugin (mail): require_resolvable_fromhost
2006-10-30 12:55:54.185836500 14131 trying to get config for invalid_resolvable_fromhost
2006-10-30 12:55:54.186284500 14131 trying to get config for require_resolvable_fromhost
2006-10-30 12:55:54.559574500 14131 Plugin require_resolvable_fromhost, hook mail returned DECLINED,
2006-10-30 12:55:54.559714500 14131 running plugin (mail): rhsbl
2006-10-30 12:55:54.559977500 14131 trying to get config for rhsbl_zones
2006-10-30 12:55:54.560319500 14131 rhsbl plugin: Checking paypal.com.dsn.rfc-ignorant.org for TXT record in the background
2006-10-30 12:55:54.561235500 14131 Plugin rhsbl, hook mail returned DECLINED,
2006-10-30 12:55:54.561370500 14131 running plugin (mail): check_badmailfrom
2006-10-30 12:55:54.561541500 14131 trying to get config for badmailfrom
2006-10-30 12:55:54.561843500 14131 Plugin check_badmailfrom, hook mail returned DECLINED,
2006-10-30 12:55:54.562021500 14131 getting mail from <paypal@paypal.com>
2006-10-30 12:55:54.562163500 14131 250 <paypal@paypal.com>, sender OK - how exciting to get mail from you!
2006-10-30 12:55:54.562362500 14131 dispatching RCPT TO: <icecollapse@aol.com>
2006-10-30 12:55:54.562594500 14131 to email address : [<icecollapse@aol.com>]
2006-10-30 12:55:54.562863500 14131 running plugin (rcpt): whitelist_soft
2006-10-30 12:55:54.563032500 14131 trying to get config for whitelistrcpt
2006-10-30 12:55:54.563244500 14131 Plugin whitelist_soft, hook rcpt returned DECLINED,
2006-10-30 12:55:54.563365500 14131 running plugin (rcpt): rhsbl
2006-10-30 12:55:54.563603500 14131 rhsbl plugin: waiting for rhsbl dns
2006-10-30 12:55:54.872591500 14131 rhsbl plugin: DONE waiting for rhsbl dns, got  1  answers ...
2006-10-30 12:55:54.873214500 14131 Plugin rhsbl, hook rcpt returned DECLINED,
2006-10-30 12:55:54.873338500 14131 running plugin (rcpt): dnsbl
2006-10-30 12:55:54.873536500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:54.873852500 14131 dnsbl plugin: waiting for dnsbl dns
2006-10-30 12:55:54.874035500 14131 dnsbl plugin: DONE waiting for dnsbl dns, got  13  answers ...
2006-10-30 12:55:54.877648500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:54.877932500 14131 dnsbl plugin: waiting for dnsbl dns
2006-10-30 12:55:54.902893500 14131 dnsbl plugin: DONE waiting for dnsbl dns, got  1  answers ...
2006-10-30 12:55:54.903343500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:54.903728500 14131 dnsbl plugin: waiting for dnsbl dns
2006-10-30 12:55:54.903893500 14131 dnsbl plugin: DONE waiting for dnsbl dns, got  1  answers ...
2006-10-30 12:55:54.904335500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:54.904624500 14131 dnsbl plugin: waiting for dnsbl dns
2006-10-30 12:55:56.005970500 14131 dnsbl plugin: DONE waiting for dnsbl dns, got  1  answers ...
2006-10-30 12:55:56.006445500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:56.006738500 14131 dnsbl plugin: waiting for dnsbl dns
2006-10-30 12:55:56.049995500 14131 dnsbl plugin: DONE waiting for dnsbl dns, got  1  answers ...
2006-10-30 12:55:56.050449500 14131 trying to get config for dnsbl_zones
2006-10-30 12:55:56.050734500 14131 dnsbl plugin: waiting for dnsbl dns
2006-10-30 12:55:57.042676500 14131 dnsbl plugin: DONE waiting for dnsbl dns, got  1  answers ...
2006-10-30 12:55:57.043245500 14131 Plugin dnsbl, hook rcpt returned DECLINED,
2006-10-30 12:55:57.043369500 14131 running plugin (rcpt): check_badmailfrom
2006-10-30 12:55:57.043542500 14131 Plugin check_badmailfrom, hook rcpt returned DECLINED,
2006-10-30 12:55:57.043674500 14131 running plugin (rcpt): check_badrcptto_patterns
2006-10-30 12:55:57.043849500 14131 trying to get config for badrcptto_patterns
2006-10-30 12:55:57.044287500 14131 Plugin check_badrcptto_patterns, hook rcpt returned DECLINED,
2006-10-30 12:55:57.044425500 14131 running plugin (rcpt): check_badrcptto
2006-10-30 12:55:57.044597500 14131 trying to get config for badrcptto
2006-10-30 12:55:57.045380500 14131 Plugin check_badrcptto, hook rcpt returned DECLINED,
2006-10-30 12:55:57.045516500 14131 running plugin (rcpt): check_goodrcptto
2006-10-30 12:55:57.045715500 14131 check_goodrcptto plugin: stripping '-' extensions
2006-10-30 12:55:57.045848500 14131 trying to get config for goodrcptto
2006-10-30 12:55:57.103902500 14131 check_goodrcptto plugin: recipient icecollapse@aol.com denied
2006-10-30 12:55:57.104908500 14131 Plugin check_goodrcptto, hook rcpt returned DENY, invalid recipient icecollapse@aol.com
2006-10-30 12:55:57.105050500 14131 550 invalid recipient icecollapse@aol.com
2006-10-30 12:55:57.105262500 14131 dispatching DATA
2006-10-30 12:55:57.105527500 14131 503 RCPT first
2006-10-30 12:55:57.751538500 14131 dispatching Subject: ***MyActualIPAddressOctetWasUsedHere***
2006-10-30 12:55:57.751694500 14131 running plugin (unrecognized_command): count_unrecognized_commands
2006-10-30 12:55:57.751867500 14131 count_unrecognized_commands plugin: Unrecognized command 'subject:'
2006-10-30 12:55:57.752054500 14131 Plugin count_unrecognized_commands, hook unrecognized_command returned DECLINED,
2006-10-30 12:55:57.752201500 14131 500 Unrecognized command
2006-10-30 12:55:57.932886500 14131 dispatching Subject: ***MyActualIPAddressOctetWasUsedHere***
2006-10-30 12:55:57.933027500 14131 running plugin (unrecognized_command): count_unrecognized_commands
2006-10-30 12:55:57.933178500 14131 count_unrecognized_commands plugin: Unrecognized command 'subject:'
2006-10-30 12:55:57.933349500 14131 Plugin count_unrecognized_commands, hook unrecognized_command returned DECLINED,
2006-10-30 12:55:57.933491500 14131 500 Unrecognized command
2006-10-30 12:55:57.933619500 14131 dispatching Subject: ***MyActualIPAddressOctetWasUsedHere***
2006-10-30 12:55:57.933768500 14131 running plugin (unrecognized_command): count_unrecognized_commands
2006-10-30 12:55:57.933896500 14131 count_unrecognized_commands plugin: Unrecognized command 'subject:'
2006-10-30 12:55:57.934061500 14131 Plugin count_unrecognized_commands, hook unrecognized_command returned DECLINED,
2006-10-30 12:55:57.934205500 14131 500 Unrecognized command
2006-10-30 12:55:57.934342500 14131 dispatching Subject: ***MyActualIPAddressOctetWasUsedHere***
2006-10-30 12:55:57.934483500 14131 running plugin (unrecognized_command): count_unrecognized_commands
2006-10-30 12:55:57.934617500 14131 count_unrecognized_commands plugin: Unrecognized command 'subject:'
2006-10-30 12:55:57.934793500 14131 count_unrecognized_commands plugin: Closing connection. Too many unrecognized commands.
2006-10-30 12:55:57.934965500 14131 Plugin count_unrecognized_commands, hook unrecognized_command returned DENYHARD, Closing connection. 4 unrecognized commands.  Perhaps you should read RFC 2821?
2006-10-30 12:55:57.935112500 14131 521 Closing connection. 4 unrecognized commands.  Perhaps you should read RFC 2821?
2006-10-30 12:55:57.935239500 14131 click, disconnecting
2006-10-30 12:55:57.935371500 14131 running plugin (disconnect): rhsbl
2006-10-30 12:55:57.935542500 14131 Plugin rhsbl, hook disconnect returned DECLINED,
2006-10-30 12:55:57.935665500 14131 running plugin (disconnect): dnsbl
2006-10-30 12:55:57.935845500 14131 Plugin dnsbl, hook disconnect returned DECLINED,
2006-10-30 12:55:58.759441500 15847 cleaning up after 14131
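
Added example, not part of piran's post: a small Python filter that groups a qpsmtpd trace like the one above by child PID and keeps only the DENY* plugin verdicts, the envelope commands, and the 4xx/5xx replies sent to the client. The dict field names are this example's own choice; the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of lines copied from the log in the post above, to keep the example short.
SAMPLE = """\
2006-10-30 12:52:48.264564500 14012 Accepted connection 0/40 from 69.26.136.10 / ns20.britsys.net
2006-10-30 12:52:48.266223500 14012 Plugin check_earlytalker, hook connect returned DENYSOFT, Connecting host started transmitting before SMTP greeting
2006-10-30 12:52:48.266374500 14012 450 Connecting host started transmitting before SMTP greeting
2006-10-30 12:52:48.693952500 15847 cleaning up after 14012
2006-10-30 12:55:52.761272500 14131 Accepted connection 0/40 from 69.26.136.10 / ns20.britsys.net
2006-10-30 12:55:53.762340500 14131 Plugin check_earlytalker, hook connect returned DECLINED,
2006-10-30 12:55:54.183806500 14131 dispatching MAIL FROM: <paypal@paypal.com>
2006-10-30 12:55:54.562362500 14131 dispatching RCPT TO: <icecollapse@aol.com>
2006-10-30 12:55:57.104908500 14131 Plugin check_goodrcptto, hook rcpt returned DENY, invalid recipient icecollapse@aol.com
2006-10-30 12:55:57.105050500 14131 550 invalid recipient icecollapse@aol.com
2006-10-30 12:55:57.105527500 14131 503 RCPT first
2006-10-30 12:55:57.934965500 14131 Plugin count_unrecognized_commands, hook unrecognized_command returned DENYHARD, Closing connection. 4 unrecognized commands.  Perhaps you should read RFC 2821?
2006-10-30 12:55:57.935112500 14131 521 Closing connection. 4 unrecognized commands.  Perhaps you should read RFC 2821?
"""

LINE = re.compile(r"^\S+ \S+ (\d+) (.*)$")            # date, time, pid, message
PEER = re.compile(r"Accepted connection \d+/\d+ from (\S+)")
VERDICT = re.compile(r"Plugin (\w+), hook (\w+) returned (\w+),\s*(.*)")
COMMAND = re.compile(r"dispatching (MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)
REPLY = re.compile(r"([45]\d\d) ")                     # SMTP error reply to the client

def summarize(log_text):
    """Group lines by qpsmtpd child PID; keep only what decided each session."""
    sessions = defaultdict(lambda: {"peer": None, "envelope": [],
                                    "denials": [], "error_replies": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions[pid]
        if (p := PEER.match(msg)):
            s["peer"] = p.group(1)
        elif (v := VERDICT.match(msg)):
            if v.group(3).startswith("DENY"):          # DENY, DENYSOFT, DENYHARD
                s["denials"].append(v.groups())        # (plugin, hook, result, reason)
        elif (c := COMMAND.match(msg)):
            s["envelope"].append((c.group(1).upper(), c.group(2)))
        elif (r := REPLY.match(msg)):
            s["error_replies"].append(int(r.group(1)))
    # Drop PIDs that never accepted a connection (the parent's "cleaning up" lines).
    return {pid: s for pid, s in sessions.items() if s["peer"]}
```

Calling `summarize(open("/var/log/qpsmtpd/current").read())` would apply the same filter to a live log; that path is an assumption based on the log name in the thread title.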