What's even funnier is that GFI just announced yesterday they are building SURBL checking into their anti-spam software (which, by the way, is very widely used on Exchange servers in the USA).
http://www.gfi.com/news/en/mes11launch.htm
Matthew Wilson, MCSE (2003), MCSA-Messaging
Network Administrator
matthew@boomer.com
Boomer Consulting, Inc.
610 Humboldt
Manhattan, KS 66502
http://www.boomer.com
1-888-266-6375 x 17

-----Original Message-----
From: discuss-bounces@lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of List Mail User
Sent: Friday, April 08, 2005 12:46 AM
To: discuss@lists.surbl.org; spamassassin@dostech.ca
Cc: track@plectere.com; postmaster@gfi.com; abuse@gfi.com
Subject: Re: [SURBL-Discuss] Forge SURBL mail from gfi.com, just minutes ago.
...
List Mail User wrote:
P.S. I refused it, so I don't know what it was. I do know the domain registration is false; there is no city named "San Gwann" in the country of Malta.
Apparently not a "city" but a recognized "village"; I guess it's like living in unincorporated parts of LA. Note the company claims to be "GFI Software Ltd" and sell anti-spam, anti-virus and email products. Did anyone actually receive the email? Was it just directed at me?

Another batch of attempts just occurred:
Apr 7 22:22:26 mailhub postfix/qmgr[14119]: D6A9C6A44: removed
Apr 7 22:22:31 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:32 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:35 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:36 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:36 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:36 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
If they are legitimate, I certainly wouldn't want to buy any anti-virus or anti-spam software from these people!
They are running an open relay:
% telnet mailgate.gfi.com 25
Trying 80.85.99.13...
Connected to mailgate.gfi.com.
Escape character is '^]'.
220 mailgate.gfi.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Fri, 8 Apr 2005 07:43:44 +0200
helo plectere.com
250 mailgate.gfi.com Hello [64.32.188.109]
mail from: <>
250 2.1.0 <>....Sender OK
rcpt to: test@plectere.com
250 2.1.5 test@plectere.com
quit
221 2.0.0 mailgate.gfi.com Service closing transmission channel
Connection closed by foreign host.
Paul Shupak
track@plectere.com
_______________________________________________
Discuss mailing list
Discuss@lists.surbl.org
http://lists.surbl.org/mailman/listinfo/discuss
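
Added example, not part of the original messages: a Python log check that groups Postfix `NOQUEUE: reject` lines like those quoted above by client IP and flags clients that collect several 4xx rejects within a few seconds. The first five sample lines are copied from the excerpt; the `192.0.2.10` line, the function names, the thresholds and the `year` default are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# First five lines copied from the excerpt above; the last line is constructed.
SAMPLE_LOG = """\
Apr 7 22:22:32 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:35 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:25:10 mailhub postfix/smtpd[24200]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 554 <user@example.org>: Relay access denied; from=a@example.net to=user@example.org proto=ESMTP helo=<mx.example.net>
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"(?P<stage>\w+) from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<detail>[^;]*);.*\bhelo=<(?P<helo>[^>]*)>"
)

def parse_rejects(log_text, year=2005):
    """Yield one dict per smtpd reject line; all other lines are skipped."""
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            rec = m.groupdict()
            # Syslog timestamps carry no year; the caller supplies it (assumption).
            rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
            yield rec

def retry_bursts(log_text, min_rejects=3, window_s=10):
    """Return {ip: info} for clients with >= min_rejects 4xx rejects inside window_s seconds."""
    by_ip = defaultdict(list)
    for rec in parse_rejects(log_text):
        if rec["code"].startswith("4"):  # temporary failure, so the client may retry
            by_ip[rec["ip"]].append(rec)
    bursts = {}
    for ip, recs in by_ip.items():
        times = sorted(r["time"] for r in recs)
        # Sliding window: any min_rejects consecutive rejects close enough together?
        for i in range(len(times) - min_rejects + 1):
            if (times[i + min_rejects - 1] - times[i]).total_seconds() <= window_s:
                bursts[ip] = {"host": recs[0]["host"], "rejects": len(recs),
                              "helos": sorted({r["helo"] for r in recs})}
                break
    return bursts

if __name__ == "__main__":
    for ip, info in retry_bursts(SAMPLE_LOG).items():
        print(ip, info)
```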