[Dshield] smail attack

SAMEER SALEH SAMEER.SALEH at mobilecom.jo
Tue Oct 23 07:38:24 GMT 2001


My Cisco IDS is reporting the following context buffers (sample only):

Context Buffer 1:

EHLO MAIL.mobilecom.com.jo

HELO MAIL.mobilecom.com.jo

MAIL FROM:<BSHARA.DABABNEH at mobilecom.jo>

RCPT TO:<bounce

Context Buffer 2:

220 tigger.emailhello.com ESMTP Postfix

502   

250 tigger.emailhello.com

250 Ok

Context Buffer 1:

EHLO MAIL.mobilecom.com.jo

HELO MAIL.mobilecom.com.jo

MAIL FROM:<>

RCPT TO:<81524 at bounce

Context Buffer 2:

220 zoobmail003.zoomail003 (PowerMTA v1.0rel) ESMTP service ready

502         

250 zoobmail003.zoomail003 says hello

250 2.1.0 ok

The CSPM event viewer is reporting an smail attack. The source IP is my mail
server; the destinations are different IPs. My mail server is not Unix
sendmail. Could someone explain this? Is my server being used to attack
other servers? My server is configured not to relay SMTP mail.



