[NTISP] SMTP Abuse Alert - And the workaround for it.

Rudy Komsic ( (no email) )
Wed, 10 Mar 1999 19:08:33 -0500

Well this has become a major problem. Companies abusing SMTP to scan for
E-Mail addresses. Check on the link below to see if your Mail Server has
been hardcoded into this SMTP E-Mail verify Scanner. If it has, I would
strongly suggest switching to Mailsite 3.2.0 or equivelent with all the
security features to verify mail servers.

We have locked it down enabling all anti-spam features and we even found
hundreds of domains with Poorly implemented DNS Records. There are
basically no reverse lookups for a lot of doamins we got requests from.
each day I produce about 10mb of logs of failed mail deliveries due to the
Reverse DNS Lookup of the sending mailserver.

Rudy Komsic - President
Cyberglobe Communications Inc.

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@NETSPACE.ORG] On Behalf Of Frank
> Miller
> Sent: March 10, 1999 2:25 PM
> Subject: SMTP Abuse - Extracted domains from glpro.exe application
> Per request, the following URL lists domains hardcoded into the glpro.exe
> application (version 3.3 trail).

In summary, the glpro.exe application performs, as discussed, a dictionary
based 'attack' upon MTA's (RCPT/MAIL) in order to obtain a list of addresses
for UCE's. Approximately 4000 + domains (including isi.edu!!) was noted.

Take care,

Frank Miller

For more information about this list, including removal,
see this url: http://www.iea-software.com/maillist.html