Not only Exchange 2K servers are affected. Let's see a snippet from my mailhub:

<snip>
According to the 'Received:' trace, the message originated at:
   nctta.org (nctta-org-bk.mr.outblaze.com [205.158.62.181])    

The message WAS NOT delivered to:
<[EMAIL PROTECTED]>:
   550 5.7.1 Message content rejected, UBE, id=29788-03
</snip>

<snip>
Received: from nctta.org (nctta-org-bk.mr.outblaze.com [205.158.62.181])
        by 212.68.242.53.brutele.be (Postfix) with ESMTP id 53062264EF
        for <[EMAIL PROTECTED]>; Wed, 27 Jul 2005 20:20:05 -0500
</snip>

As you can see, in my case it was a Postfix server (probably under a double MTA configuration) which is bouncing me or trying to bounce me.

Spam, the evil of the actual mail.

BR,

jonathan




Ted Cooper wrote:
Wakko Warner wrote:

Mark Smith wrote:

Subject: [exim] Weird RCPT TO address

a1aaa1azzzz1zaaaaa@<local domain>

Anyone else seeing this?

Yes, coming from a variety of zombies.


I just recently started seeing this.  Wondering if this was due to spammers
trying to exploit servers that accept/bounce.



Probably. Default exchange(2k) behaviour is to still accept the mail and then
bounce it if it can't deliver it anywhere. I've had hits on a number of 
servers..

2005-07-27 15:43:04 H=(200-101-188-071.cbrbr200.dial.brasiltelecom.net.br)
[200.101.188.71] F=<[EMAIL PROTECTED]> rejected RCPT
<[EMAIL PROTECTED]>: Unknown user

Also the exact same local part so they're all going to be from the one bot net.

Ted.



--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
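
The observation in the thread, that the same unknown local part is rejected for many different connecting hosts, can be checked mechanically against an Exim main log. This is an added example, not part of the original thread: the log lines are constructed in the format quoted above, with documentation-range IP addresses and `example.org` standing in for the local domain, and `shared_localparts` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Exim main log RCPT rejection, in the shape quoted in the thread:
#   <date> <time> H=(<helo>) [<ip>] F=<sender> rejected RCPT <rcpt>: <reason>
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*? "
    r"F=<(?P<sender>[^>]*)> rejected RCPT "
    r"<(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
2005-07-27 15:43:04 H=(dialup-1.example.net) [192.0.2.10] F=<x@example.com> rejected RCPT <a1aaa1azzzz1zaaaaa@example.org>: Unknown user
2005-07-27 15:44:19 H=(dialup-2.example.net) [198.51.100.23] F=<y@example.com> rejected RCPT <a1aaa1azzzz1zaaaaa@example.org>: Unknown user
2005-07-27 15:47:52 H=(dialup-3.example.net) [203.0.113.77] F=<z@example.com> rejected RCPT <A1aaa1azzzz1zaaaaa@example.org>: Unknown user
2005-07-27 15:50:01 H=(mail.example.net) [192.0.2.99] F=<bob@example.net> rejected RCPT <jon@example.org>: Unknown user
2005-07-27 15:51:30 1DxyZa-0001Ab-2C <= alice@example.net H=mail.example.net [192.0.2.99] P=esmtp S=1532
"""


def shared_localparts(lines, min_hosts=3):
    """Return {local_part: sorted source IPs} for rejected recipients that
    were tried from at least min_hosts distinct connecting addresses."""
    sources = defaultdict(set)
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if not m:
            continue  # not an RCPT rejection (e.g. an arrival line)
        # Local parts are compared case-insensitively for grouping.
        local = m.group("rcpt").rsplit("@", 1)[0].lower()
        sources[local].add(m.group("ip"))
    return {lp: sorted(ips) for lp, ips in sources.items()
            if len(ips) >= min_hosts}


if __name__ == "__main__":
    for local, ips in shared_localparts(SAMPLE_LOG.splitlines()).items():
        print(f"{local}@<local domain>: {len(ips)} hosts: {', '.join(ips)}")
```
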
