[SURBL-Discuss] Forge SURBL mail from gfi.com, just minutes ago.

List Mail User track at Plectere.com
Fri Apr 8 07:45:46 CEST 2005


>...
>
>List Mail User wrote:
>  > P.S.  I refused it, so I don't know what it was.  I do know the
>> domain registration is false;  There is no city named "San Gwann"
>> in the country of Malta.
>
>http://www.holidays-malta.com/locality_info/san_gwann.htm
>
>
	Apparently not a "city" but a recognized "village"; I guess it's
like living in unincorporated parts of LA.  Note the company claims to be
"GFI Software Ltd" and sell anti-spam, anti-virus and email products.
Did anyone actually receive the email?  Was it just directed at me?
Another batch of attempts just occurred:

Apr  7 22:22:26 mailhub postfix/qmgr[14119]: D6A9C6A44: removed
Apr  7 22:22:31 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:32 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<discuss-bounces at lists.surbl.org> to=<track at plectere.com> proto=ESMTP helo=<passthrough>
Apr  7 22:22:33 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:33 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:33 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:34 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<discuss-bounces at lists.surbl.org> to=<track at plectere.com> proto=ESMTP helo=<passthrough>
Apr  7 22:22:34 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:34 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:34 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:35 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<discuss-bounces at lists.surbl.org> to=<track at plectere.com> proto=ESMTP helo=<passthrough>
Apr  7 22:22:36 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:36 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:36 mailhub postfix/smtpd[24110]: connect from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:37 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from mailgate.gfi.com[80.85.99.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<discuss-bounces at lists.surbl.org> to=<track at plectere.com> proto=ESMTP helo=<passthrough>
Apr  7 22:22:37 mailhub postfix/smtpd[24110]: lost connection after RSET from mailgate.gfi.com[80.85.99.13]
Apr  7 22:22:37 mailhub postfix/smtpd[24110]: disconnect from mailgate.gfi.com[80.85.99.13]


	If they are legitimate, I certainly wouldn't want to buy any anti-virus
or anti-spam software from these people!

	They are running an open relay:

% telnet mailgate.gfi.com 25
Trying 80.85.99.13...
Connected to mailgate.gfi.com.
Escape character is '^]'.
220 mailgate.gfi.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Fri, 8 Apr 2005 07:43:44 +0200 
helo plectere.com
250 mailgate.gfi.com Hello [64.32.188.109]
mail from: <>
250 2.1.0 <>....Sender OK
rcpt to: <test at plectere.com>
250 2.1.5 test at plectere.com 
quit
221 2.0.0 mailgate.gfi.com Service closing transmission channel
Connection closed by foreign host.

	Paul Shupak
	track at plectere.com
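
Added example, not part of the original post: the Python below groups Postfix RCPT rejects like those logged above by client IP and HELO name, and marks groups where every reject was a 4xx (temporary) code, which is what lets the same client retry within seconds. The function name, report fields and sample log lines are constructed for illustration (documentation IPs and example domains).

```python
import re
from collections import defaultdict

# Constructed sample in the Postfix smtpd log format quoted in the post
# (documentation IPs and example domains, not the original log lines).
SAMPLE_LOG = """\
Apr  7 22:22:31 mailhub postfix/smtpd[24110]: connect from gw.example.net[192.0.2.13]
Apr  7 22:22:32 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<list-bounces@lists.example.org> to=<user@example.com> proto=ESMTP helo=<passthrough>
Apr  7 22:22:33 mailhub postfix/smtpd[24110]: lost connection after RSET from gw.example.net[192.0.2.13]
Apr  7 22:22:34 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<list-bounces@lists.example.org> to=<user@example.com> proto=ESMTP helo=<passthrough>
Apr  7 22:22:35 mailhub postfix/smtpd[24110]: NOQUEUE: reject: RCPT from gw.example.net[192.0.2.13]: 450 <passthrough>: Helo command rejected: Host not found; from=<list-bounces@lists.example.org> to=<user@example.com> proto=ESMTP helo=<passthrough>
Apr  7 22:40:02 mailhub postfix/smtpd[24231]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 554 <user@example.org>: Relay access denied; from=<a@example.net> to=<user@example.org> proto=SMTP helo=<mail.example.net>
"""

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*?: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=\S+ helo=<(?P<helo>[^>]*)>"
)


def summarize_rejects(log_text):
    """Group RCPT rejects by (client IP, HELO name) and flag retry loops."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            groups[(m["ip"], m["helo"])].append(m)
    report = []
    for (ip, helo), hits in sorted(groups.items()):
        report.append({
            "ip": ip, "helo": helo, "count": len(hits),
            "first": hits[0]["ts"], "last": hits[-1]["ts"],
            # 4xx is a temporary failure, so the client is expected to retry
            "temporary": all(h["code"].startswith("4") for h in hits),
            # a HELO name without a dot is not a fully qualified hostname
            "helo_unqualified": "." not in helo,
            "reasons": sorted({h["reason"] for h in hits}),
        })
    return report


if __name__ == "__main__":
    for row in summarize_rejects(SAMPLE_LOG):
        print(row)
```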

