[18035] in North American Network Operators' Group
Re: "RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)
daemon@ATHENA.MIT.EDU (Dan Foster)
Wed Jun 24 12:44:54 1998
From: Dan Foster <dsf@frontiernet.net>
In-Reply-To: <358FD067.B13AD8F0@inc.net> from "Ryan K. Brooks" at "Jun 23, 98 10:57:28 am"
To: ryan@inc.net (Ryan K. Brooks)
Date: Wed, 24 Jun 1998 12:31:13 -0400 (EDT)
Cc: dsf@frontiernet.net (Dan Foster), coneill@erols.com, nanog@merit.edu
Hot Diggety! On a bright and sunny day, Ryan K. Brooks was rumored to have said...
> Had a new box on the net for all of two hours, and this pops up in my
> maillog:
>
> Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
> (autumn.news.erols.com): error on output channel sending "250
> delay=00:01:16, xdelay=00:01:16, mailer=esmtp, relay=luser.oneill.net.
> [207.96.89.34], stat=Deferred: Operation timed out with
> luser.oneill.net.

Don't know what intentions were, but news.erols.com and oneill.net lead
me to believe you probably want to contact Clayton O'Neill at
coneill@erols.com.

Was hit by that, too...the host was id'ed as hmm.colo.erols.net as
well as luser.oneill.net. Not too wild about it -- I figure SMTP hosts
identified by DNS is fair game, but generally regard any other questionable
access as potential abuse cases.

hmm.colo.erols.net doesn't exist in the DNS, so I'm not sure offhand whether
this was spoofed or not.

Clayton, you know anything about this?

-Dan