level3 relaying mail?
Results 1 to 5 of 5

Thread: level3 relaying mail?

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    282

    level3 relaying mail?

    Has nonyone noticed suspisious activity comeing from level3.com I know they have a agreement with microsoft http://www.level3.com/press/2053.html But last night something strange happened. An ip owned by level3 tryed to relay off my mail server last night. Take a look at my mail server log:

    5/14/03 11:26:35 PM - ( 34) HELO ArGoSoft
    5/14/03 11:26:35 PM - ( 34) 250 Welcome [65.57.63.40], pleased to meet you
    5/14/03 11:26:35 PM - ( 34) MAIL From: <jackbran1@ArGoSoft>
    5/14/03 11:26:36 PM - ( 34) 250 Sender "jackbran1@ArGoSoft" OK...
    5/14/03 11:26:36 PM - ( 34) RCPT To:<antrun@aol.com>
    5/14/03 11:26:36 PM - ( 34) 550 User not local. Authentication required for relay
    5/14/03 11:26:36 PM - ( 34) RCPT To:<AliciaDBethel@gofree.co.uk>
    5/14/03 11:26:36 PM - ( 34) 550 User not local. Authentication required for relay
    5/14/03 11:26:37 PM - ( 34) QUIT
    5/14/03 11:26:37 PM - ( 34) 221 Aba he
    5/14/03 11:26:37 PM - SMTP connection with 65.57.63.40 ended. ID=34
    This hapened last night, all times are EST (GMT -05:00) I noticed when signing into hotmail about a few weeks ago, a conection to level3 and looked them up, thats when I found they have a contract with microsoft. Ive been searching seems im not the only one:

    http://www.webmasterworld.com/forum11/1134.htm

    Trying whois -h whois.arin.net 65.57.63.40

    OrgName: Level 3 Communications, Inc.
    OrgID: LVLT
    Address: 1025 Eldorado Blvd.
    City: Broomfield
    StateProv: CO
    PostalCode: 80021
    Country: US



  2. #2
    To me it looks liek someone was trying to send an anonymous email on the level3.com smtp server, but in their attempt failed, and quit. I dont believe it is a big deal. Good post man i hope i answered ur queston if not im sorry.

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    The mail server is on my macxhine not conected atall with level3, but maybe your right maybe I realy dont have to wory about it, afterall my server stoped it. But it kinda stuck me, I have only been running the server for less then a month.

    It stuck me because I set up the mail server only for my PHP scripts and web site, since I only use it for private mailings from my site and my site itself is private requireing a password it stuck me as to how they discovered the mail server. Ive hered of spammers scanning for mail servers and trying to find one that relays but never thought it would hapen to me.

    Thanks for your responce.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    A dig shows:
    40.63.57.65.in-addr.arpa PTR (Pointer) dialup-65.57.63.40.Dial1.StLouis1.Level3.net

    Its a dial-up account probably 'borrowed'.

    looks like some fool lookin for a relay to hide behind, that didn't know argosoft was a software mfg and not you domain name. Chances are he sent it to himself in an attemt to see if he could relay threw your server, trying to make himself look local to your server. My guess is its someone with a scheme to rip folks off somehow and will spam all he can with the first server he can find/hack.

    The best thing you can do is send a copy of this log entry to abuse@level3.com before he does his dirty deed
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    Thank you tedob1, I sent a copy the night it hapened to the abuse email and got a confrimation. I guess this is about all I should/can do, Cant seem to find any blacklist feature in my freeware version of argosoft but Im planing on purchaseing the pro version of the server since I am pleased with it.

    A question would be, normaly after reporting the atempt would you somehow report it to a black list place so the server can be blacklisted or would level3 take it from there and if need be have it blacklisted?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides