...
Hi!
If they are legitimate, I certainly wouldn't want to buy any anti-virus or anti-spam software from these people!
They are running an open relay:
    % telnet mailgate.gfi.com 25
    Trying 80.85.99.13...
    Connected to mailgate.gfi.com.
    Escape character is '^]'.
    220 mailgate.gfi.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Fri, 8 Apr 2005 07:43:44 +0200
    helo plectere.com
    250 mailgate.gfi.com Hello [64.32.188.109]
    mail from: <>
    250 2.1.0 <>....Sender OK
    rcpt to: test@plectere.com
    250 2.1.5 test@plectere.com
    quit
    221 2.0.0 mailgate.gfi.com Service closing transmission channel
    Connection closed by foreign host.

gfi.com, the same gfi.com that's selling mail security products? One word: Amazing.
550 5.7.1 Unable to relay for ...
Just checked, and it seems they closed it already.
Bye, Raymond.
Raymond,
Very nice apology from David Vella late last night (or early this morning, depending on your point of view):

...
Subject: RE: [SURBL-Discuss] Forge SURBL mail from gfi.com, just minutes ago.
Date: Fri, 8 Apr 2005 09:06:25 +0200
...
From: "David Vella" david@gfi.com
To: "SURBL Discussion list" discuss@lists.surbl.org
...

Hi,
Sorry for this. I am the GFI MailEssentials/MailSecurity/MailArchiver product manager and I am a list subscriber because I like the SURBL concept. The reason of these emails seems to be because yesterday our network administrator installed a new email relay server (named passthrough) and I believe that he has mis-configured it. I sent him all this info so that he will look into it.
I will make sure that this is fixed immediately.
regards,
David Vella - GFI Software Ltd. - www.gfi.com Messaging, Content Security & Network security software GFI: FAXmaker - LANguard - MailSecurity - DownloadSecurity
... [snipped - mostly a copy of one of my messages]
Now we just have to help them off of the blacklists they got on last night (rfci.{whois,postmaster,abuse}) and they were already on L2 SPEWS.
It seems that while the evidence for the "whois" listing was correct, it was actually "insufficient" - San Gwann is not a "city", but it is a valid postal station in Malta (and I have learned that similar situations also occur in some North African countries), so they can get off of the "rfci.whois" list with an email to rfci. They did bounce the postmaster@ and abuse@ messages, so they'll have to add/enable those accounts, then they can get off of those lists quickly too. As to SPEWS, well, someone will have to do the standard beg and plead and suffer abuse on NAMAE (I haven't checked why they were listed there to begin with, so I don't know exactly how much pleading and abuse will be required).
Since you already have abuse@ and postmaster@ on the "Cc:" list, we'll quickly see if they still bounce.
Paul Shupak track@plectere.com
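
An added example, not part of the thread or of anyone's posted code: a small Python checker that reads a saved SMTP session like the telnet test above and reports whether each RCPT TO for a foreign domain was accepted or refused. The function name, the `local_domains` set and the second session are assumptions made for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")   # reply code, then "-" on continuation lines
RCPT = re.compile(r"^rcpt to:\s*<?([^>\s]+)>?", re.I)
OTHER_CMD = re.compile(r"^(helo |ehlo |mail from:|data$|rset$|quit$)", re.I)

def classify_relay_test(transcript, local_domains):
    """Return [(recipient, verdict)] for every RCPT TO in an SMTP transcript.

    local_domains: domains the server legitimately receives mail for
    (supplied by the caller as an assumption; a transcript cannot show it).
    """
    results, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        rcpt = RCPT.match(line)
        if rcpt:
            pending = rcpt.group(1)       # recipient now awaiting its reply
            continue
        if OTHER_CMD.match(line):
            pending = None                # replies to other commands are ignored
            continue
        reply = REPLY.match(line)
        if not (reply and pending) or reply.group(2) == "-":
            continue                      # not the final reply to a RCPT TO
        domain = pending.rpartition("@")[2].lower()
        code = reply.group(1)
        if domain in local_domains:
            verdict = "local"             # acceptance says nothing about relaying
        elif code.startswith("2"):
            verdict = "relay-accepted"    # foreign recipient accepted
        elif code.startswith("5"):
            verdict = "relay-refused"     # e.g. 550 5.7.1 Unable to relay
        else:
            verdict = "inconclusive"      # 4xx deferral: retest later
        results.append((pending, verdict))
        pending = None
    return results

# Command/reply lines taken from the session quoted in this thread.
THREAD_SESSION = """helo plectere.com
250 mailgate.gfi.com Hello [64.32.188.109]
mail from: <>
250 2.1.0 <>....Sender OK
rcpt to: test@plectere.com
250 2.1.5 test@plectere.com"""

# Constructed sample: a retest after relaying is closed, plus a local recipient.
FIXED_SESSION = """mail from: <>
250 2.1.0 <>....Sender OK
rcpt to: <test@example.org>
550 5.7.1 Unable to relay for test@example.org
rcpt to: <postmaster@gfi.com>
250 2.1.5 postmaster@gfi.com"""
```

A 250 at RCPT time shows the server accepted the recipient, not that the message was delivered; some servers accept and later bounce or discard, so confirm with the test mailbox before reporting a relay as open.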