What's even funnier is that GFI just announced yesterday they are building SURBL checking into their anti-spam software (which, by the way, is very widely used on Exchange servers in the USA).
http://www.gfi.com/news/en/mes11launch.htm
Matthew Wilson, MCSE (2003), MCSA-Messaging
Network Administrator
matthew@boomer.com
Boomer Consulting, Inc.
610 Humboldt
Manhattan, KS 66502
http://www.boomer.com
1-888-266-6375 x 17

-----Original Message-----
From: discuss-bounces@lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of List Mail User
Sent: Friday, April 08, 2005 12:46 AM
To: discuss@lists.surbl.org; spamassassin@dostech.ca
Cc: track@plectere.com; postmaster@gfi.com; abuse@gfi.com
Subject: Re: [SURBL-Discuss] Forge SURBL mail from gfi.com, just minutes ago.
...
List Mail User wrote:
P.S. I refused it, so I don't know what it was. I do know the domain registration is false; there is no city named "San Gwann" in the country of Malta.
Apparently not a "city" but a recognized "village"; I guess it's like living in unincorporated parts of LA. Note the company claims to be "GFI Software Ltd" and sell anti-spam, anti-virus and email products. Did anyone actually receive the email? Was it just directed at me? Another batch of attempts just occurred:
Apr 7 22:22:26 mailhub postfix/qmgr[14119]: D6A9C6A44: removed
Apr 7 22:22:31 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:32 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:33 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:35 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:36 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:36 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:36 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:37 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
If they are legitimate, I certainly wouldn't want to buy any anti-virus or anti-spam software from these people!
They are running an open relay:
% telnet mailgate.gfi.com 25
Trying 80.85.99.13...
Connected to mailgate.gfi.com.
Escape character is '^]'.
220 mailgate.gfi.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Fri, 8 Apr 2005 07:43:44 +0200
helo plectere.com
250 mailgate.gfi.com Hello [64.32.188.109]
mail from: <>
250 2.1.0 <>....Sender OK
rcpt to: test@plectere.com
250 2.1.5 test@plectere.com
quit
221 2.0.0 mailgate.gfi.com Service closing transmission channel
Connection closed by foreign host.
Paul Shupak
track@plectere.com
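
An added example, not part of the original thread: a small Python parser that groups Postfix RCPT-stage rejections like those quoted above by client IP and lists the clients that announced an unqualified HELO name. The sample log is constructed in the format of the thread's lines; the 192.0.2.10 entry and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: reject lines in the format quoted in the thread, plus one
# constructed entry from a documentation-range address (192.0.2.10).
SAMPLE_LOG = """\
Apr 7 22:22:31 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr 7 22:22:32 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:22:34 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=discuss-bounces@lists.surbl.org to=track@plectere.com proto=ESMTP helo=<passthrough>
Apr 7 22:25:01 mailhub postfix/smtpd[24200]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 554 <mx.example.net>: Helo command rejected: Access denied; from=<a@example.net> to=<b@example.org> proto=ESMTP helo=<mx.example.net>
"""

# Matches smtpd reject lines; angle brackets around from=/to= are optional
# because the lines quoted in the thread appear without them.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?: "
    r"(?P<reason>[^;]+); from=<?(?P<sender>[^\s>]*)>? "
    r"to=<?(?P<rcpt>[^\s>]*)>? proto=\S+ helo=<(?P<helo>[^>]*)>"
)

def summarize_rejects(log_text):
    """Group RCPT-stage rejections by client IP."""
    clients = defaultdict(lambda: {"host": None, "rejects": 0, "deferred": 0,
                                   "helos": set(), "senders": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # connect/disconnect/qmgr lines carry no reject detail
        c = clients[m["ip"]]
        c["host"] = m["host"]
        c["rejects"] += 1
        c["deferred"] += m["code"].startswith("4")  # 4xx: the client will retry
        c["helos"].add(m["helo"])
        c["senders"].add(m["sender"])
    return dict(clients)

def unqualified_helo_clients(summary):
    """Client IPs that announced a HELO name with no dot (not an FQDN)."""
    return sorted(ip for ip, c in summary.items()
                  if any("." not in h for h in c["helos"]))

if __name__ == "__main__":
    s = summarize_rejects(SAMPLE_LOG)
    for ip in unqualified_helo_clients(s):
        print(ip, s[ip]["host"], s[ip]["rejects"], sorted(s[ip]["helos"]))
```

The 450 replies in the quoted log are temporary failures, which is why the same client reconnects and is rejected again within seconds; the `deferred` counter separates those retries from permanent 5xx rejections.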
On Thursday, April 7, 2005, 10:54:23 PM, Matthew Wilson wrote:
What's even funnier is that GFI just announced yesterday they are building SURBL checking into their anti-spam software (which, by the way, is very widely used on Exchange servers in the USA).
Thanks for the reminder. Someone from there wrote me about GFI using SURBLs. I'm writing him about their mail server.
Jeff C. -- "If it appears in hams, then don't list it."