[Mimedefang] I'd expect better from CERN
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Jan 16 15:25:22 EST 2006
Apparently, they're not running a very tight ship. I'm seeing:
Jan 15 15:16:04 mail sendmail[17255]: NOQUEUE: connect from cernmx08.cern.ch [137.138.166.172]
Jan 15 15:16:04 mail sendmail[17255]: AUTH: available mech=DIGEST-MD5 ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Jan 15 15:16:04 mail sendmail[17255]: k0FMG4nc017255: Milter (mimdefang): init success to negotiate
Jan 15 15:16:04 mail sendmail[17255]: k0FMG4nc017255: Milter: connect to filters
Jan 15 15:16:04 mail mimedefang.pl[16045]: relay: 137.138.166.172, cernmx08.cern.ch
Jan 15 15:16:04 mail mimedefang.pl[16045]: relay: 137.138.166.172 matches 0.0.0.0/0
Jan 15 15:16:04 mail mimedefang.pl[16045]: relay: CONTINUE: OK
Jan 15 15:16:04 mail sendmail[17255]: k0FMG4nc017255: cernmx08.cern.ch [137.138.166.172] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
So it looks like one or more of their MX servers either has user access on
it, and/or it's been compromised... and this has been going on for months.
I tried to point it out to them, but didn't hear back.
Anyone know what exactly they are probing for, or have they seen this?
I might want to try to transcribe the session next time...
-Philip
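An added example, not part of the original post: one way to measure how often and over how many days a given client connects without issuing any mail command, by tallying the "did not issue MAIL/EXPN/VRFY/ETRN" entries per IP. It assumes one log entry per line and a caller-supplied year; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# One sendmail entry per line (unwrapped). The hostname is optional in the
# pattern so that a bare "[ip]" peer also matches (an assumed variant).
PROBE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \w+: "
    r"(?:(?P<host>\S+) )?\[(?P<ip>[\d.]+)\] did not issue MAIL/EXPN/VRFY/ETRN"
)

def silent_connects(lines, year):
    """Group connections that sent no mail command by client IP."""
    seen = defaultdict(lambda: {"hosts": set(), "count": 0, "days": set()})
    for line in lines:
        m = PROBE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = seen[m["ip"]]
        rec["count"] += 1
        rec["days"].add(when.date())
        if m["host"]:
            rec["hosts"].add(m["host"])
    return dict(seen)

def repeat_clients(lines, year, min_days=2):
    """IPs seen doing this on at least min_days distinct days."""
    found = silent_connects(lines, year)
    return sorted(ip for ip, r in found.items() if len(r["days"]) >= min_days)

SAMPLE = [
    # From the post, unwrapped:
    "Jan 15 15:16:04 mail sendmail[17255]: k0FMG4nc017255: cernmx08.cern.ch [137.138.166.172] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4",
    # Constructed lines (documentation addresses, made-up queue ids):
    "Jan 14 03:10:41 mail sendmail[12001]: k0EAAAaa012001: mx.example.net [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4",
    "Jan 15 03:11:02 mail sendmail[16420]: k0FAAAbb016420: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4",
    "Jan 15 09:00:00 mail sendmail[16999]: k0FAAAcc016999: from=<a@example.org>, size=512, nrcpts=1",
]

if __name__ == "__main__":
    for ip, r in sorted(silent_connects(SAMPLE, 2006).items()):
        print(ip, sorted(r["hosts"]), r["count"], "hit(s) on", len(r["days"]), "day(s)")
    print("repeat:", repeat_clients(SAMPLE, 2006))
```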