ipqbdb-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MxToolbox.com


From: Alessandro Vesely
Subject: MxToolbox.com
Date: Thu, 11 Mar 2021 19:49:18 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0

Hi all,

yesterday I reported abuse by MxToolbox.com trying to illicitly relay, and they 
answered that is the expected behavior from their SMTP Open Relay test.

To avoid reporting their diagnostic tool one can modify the regular expression in 
ipqbdb-pcre.conf.  For a quick test of the expression one can use grep -P and 
manually replace <HOST> with the pattern documented in ibd-parse(8) man page:


$ grep -P 'courieresmtpd: 
error,relay=[0fF:]*(?P<IP>(:?[0-9]{1,3}\.){3}[0-9]{1,3}),port=[^,]*,from=<[^>]*>,to=<[^>]*>:
 513 Relaying denied' /var/log/mail.log
Mar 11 16:24:48 19 north courieresmtpd: 
error,relay=193.107.219.182,port=62824,from=<spameri@tiscali.it>,to=<spameri@tiscali.it>:
 513 Relaying denied.
Mar 11 19:29:19 19 north courieresmtpd: 
error,relay=18.205.72.90,port=3898,from=<supertool@mxtoolboxsmtpdiag.com>,to=<test@mxtoolboxsmtpdiag.com>:
 513 Relaying denied.


$ grep -P 'courieresmtpd: 
error,relay=[0fF:]*(?P<IP>(:?[0-9]{1,3}\.){3}[0-9]{1,3}),port=[^,]*,from=<[^>]*>,to=<[^>]*(?<!test@mxtoolboxsmtpdiag\.com)>:
 513 Relaying denied' /var/log/mail.log
Mar 11 16:24:48 19 north courieresmtpd: 
error,relay=193.107.219.182,port=62824,from=<spameri@tiscali.it>,to=<spameri@tiscali.it>:
 513 Relaying denied.


Happy hacking
Ale
--











reply via email to

[Prev in Thread] Current Thread [Next in Thread]