Found in ASSP Logs:
Oct-23-06 11:06:36
87.0.57.8 <> malformed address:
'@qo:ÄÿïÿÿD3Ƀé°èÿÿÿÿÀ^v“{½6ƒîüâôoV{{‚BÉl6Z·_6s¯ðÁ3ëzR½Üc6i³zVO67}J}¯?ÿ}B”ºw;’¹V¨/™æž6i·zVPwö½Ìg¼ÝW6¿ÿ_¡WPJfR8½Ów6FÖ6v›%Õ¸ÝuQflÛeõŽû
ÎÌ/Bæû°Pʨ+BàÌòXP–µ4Æ¿ÉCd?fÖêÉE(îeÀ(þeÐ(Bæõ¬jõ(4×,ã¼êÉEgÆ„m^7Ö“ßÄ„keÆ„m^v2;Ä„kfÇ/èÉCèÕÑê½ÄalèÉC×RõÞ[ž×fÊRq¿tù¿qJ}Å9…ÿm9‘¥…8ÐÕDmÈ«Éæ?BàÈ,ïgÂ*×7Â*ègl«Õ›J~sel×ÉlLBæ,AµWBàÁ„m^cñ¹iÀ„kÉC{½6SSS'
Oct-23-06
11:06:36 87.0.57.8 <> is disconnected
Pere
Ginabreda.
-----Mensaje original-----
De:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]En
nombre de Beach Computers
Enviado el: domingo, 29 de octubre de 2006
17:13
Para: Imail_Forum@list.ipswitch.com
Asunto: RE: [IMail Forum] SMTP
Exploit Scanning Going on NOW
Thank you!
Doug,
Oct-29-06
07:28:10 210.91.106.44 <> malformed address:
'@qo:ÄÿïÿÿDjPYÙîÙt$ô[sŒo²ƒëüâôóæ„ÿçuMðìäÞ+¨ä÷3
[EMAIL PROTECTED]/„û„¸ä³á½¯+£¯ÆM¥¿N„F4ØKšziäí+„Ô„€$9PnY ä;c¨sÓ̽´Ö„Ï_9O€äÂ!äò Ò
<A‚ƒâðZ
áiä\€gû€PØbgG‚N4ÜdPŠÔŽag°ZæmMß䶻ú!8MÙß<á\ß,áLßbiäwîißæSšä˨K8MÙæãZs¿Ú«!A[Xs¹áZs¿ÚêÅéûXs¹â[Ø:Mß
UvJåðZ:MßêÖiä ߆iâV¥£;èæ+;í½¯A¥r-ŸñÎC!‚öW¤' Àñ?yMzÈdTÛ=ã^ݳ^Ý:ãð\
Ö‰¡áðZMð»b„Û“1Ëèd]s¿Úÿkí\s¹Mߌo²SSS'
This is from ASSP with delaying
on, everything in test mode.
Still trying to get the server backup, so sorry
for the short reply.
<rant>
All I can say at this point is I
FULLY regret going with Ipswitch and putting up with all the crap they pull all
the time.
It's one thing where an upgrade is optional unless you want
features, but a vulnerability left open is simply unacceptable.
If the server
stays up long enough so I have time to deal with this on Monday, I'm planning on
calling around to different publications and seeing if they will publish
anything about
this.
</rant>
Dave
-----------------------------------
|Beach
Computers
|
|Affordable Hosting Solutions |
|http://www.beachcomp.com
|
===================================
|Cheap Domain
Warehouse
|
|Get Your Own
Dot!
|
|http://www.cheapdomainwarehouse.com|
----------------------------------
------------------------------------
Disclaimer
and confidentiality note:
The contents of this communication are
intended/meant only for addressee(s) and may contain information that is
privileged or otherwise confidential.
If you are not the intended recipient
you are hereby notified that any disclosure, copying, distribution or taking any
action in reliance on the
contents of this information is strictly prohibited
and may be unlawful.
The contents of this e-mail shall not be forwarded to
any third party. If you have received this electronic mail transmission in
error, please delete
it from your system without copying or forwarding it,
and notify the sender of the error by reply email, so that the sender's address
records
can be corrected.
Views and opinions are solely those of the
sender unless clearly indicated as being that of Beach Computers or any of it's
affiliated companies.
Beach Computers cannot assure that the integrity of
this communication has been maintained or that it is free of errors, virus,
interception or interference.
-----Original Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Mike N
Sent: Sunday, October 29, 2006 10:58 AM
To:
Imail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] SMTP Exploit
Scanning Going on NOW
Go to the IMail administrator / Services / SMTP /
"Edit Kill File". Enter
[EMAIL PROTECTED] and restart SMTP. NOTE:
This will also block everything matching that pattern - including
[EMAIL PROTECTED] (I just made that one up - don't know if it exists), so
there MIGHT be side effects.
----- Original Message -----
Is
there a way to do a global ban from [EMAIL PROTECTED]
The only way I know is to
create a rule for each domain which can be a nightmare.
To
Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List
Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge
Base/FAQ: http://www.ipswitch.com/support/IMail/
NrzórrzÊryҶ…æ1