[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MxToolbox.com
From: |
Alessandro Vesely |
Subject: |
MxToolbox.com |
Date: |
Thu, 11 Mar 2021 19:49:18 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 |
Hi all,
yesterday I reported abuse by MxToolbox.com trying to illicitly relay, and they
answered that is the expected behavior from their SMTP Open Relay test.
To avoid reporting their diagnostic tool one can modify the regular expression in
ipqbdb-pcre.conf. For a quick test of the expression one can use grep -P and
manually replace <HOST> with the pattern documented in ibd-parse(8) man page:
$ grep -P 'courieresmtpd:
error,relay=[0fF:]*(?P<IP>(:?[0-9]{1,3}\.){3}[0-9]{1,3}),port=[^,]*,from=<[^>]*>,to=<[^>]*>:
513 Relaying denied' /var/log/mail.log
Mar 11 16:24:48 19 north courieresmtpd:
error,relay=193.107.219.182,port=62824,from=<spameri@tiscali.it>,to=<spameri@tiscali.it>:
513 Relaying denied.
Mar 11 19:29:19 19 north courieresmtpd:
error,relay=18.205.72.90,port=3898,from=<supertool@mxtoolboxsmtpdiag.com>,to=<test@mxtoolboxsmtpdiag.com>:
513 Relaying denied.
$ grep -P 'courieresmtpd:
error,relay=[0fF:]*(?P<IP>(:?[0-9]{1,3}\.){3}[0-9]{1,3}),port=[^,]*,from=<[^>]*>,to=<[^>]*(?<!test@mxtoolboxsmtpdiag\.com)>:
513 Relaying denied' /var/log/mail.log
Mar 11 16:24:48 19 north courieresmtpd:
error,relay=193.107.219.182,port=62824,from=<spameri@tiscali.it>,to=<spameri@tiscali.it>:
513 Relaying denied.
Happy hacking
Ale
--
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- MxToolbox.com,
Alessandro Vesely <=