RE: Hmm. - now virus?

1 Aug 2001

      At 4:55 PM +1200 2/8/01, mat(a)voyager.co.nz wrote:
...
I was just reading this post and noticed somethign funny in the header
X-Authentication-Warning: kiwi.wise.net.nz: Host
dup-200-64-243-21.prodigy.net.mx [200.64.243.21] claimed to be [192.168.1.50]
X-Sender: agardner(a)wise.net.nz
Date: Wed, 1 Aug 2001 23:37:23 -0500
To: 
From: Andy Gardner 
Subject: RE: Hmm.
Sender: owner-nznog(a)list.waikato.ac.nz
Namely the reference to prodigy.net.mx.
Funny I say as we blocked this domain this morning due to an unusually high
number of relay attempts to our mail logs, The Domain makes up part of the
from address from different dialups around the world.
eg:
Aug  2 08:50:49 callisto sendmail[24903]: IAA24903: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP,
relay=d8-34.svm.c2i2.com [216.183.195.227]
Aug  2 08:50:52 callisto sendmail[24941]: IAA24941: ruleset=check_rcpt,
arg1=, relay=d8-34.svm.c2i2.com
[216.183.195.227], reject=550 ... Relaying denied
Aug  2 08:50:53 callisto sendmail[24941]: IAA24941: lost input channel from
d8-34.svm.c2i2.com [216.183.195.227]
Aug  2 08:50:53 callisto sendmail[24941]: IAA24941: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP,
relay=d8-34.svm.c2i2.com [216.183.195.227]
Aug  2 16:33:08 callisto sendmail[11077]: QAA11077: ruleset=check_mail,
arg1=, relay=203-79-79-241.ipn8.paradise.net.nz
[203.79.79.241], reject=550 ... Your domain is blocked
due to abuse
Aug  2 16:33:08 callisto sendmail[11077]: QAA11077:
from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP,
relay=203-79-79-241.ipn8.paradise.net.nz [203.79.79.241]
Is this part of the SirCam Virus?
If not does any one have any clues as to what it is?
If so , do you have this virus Andy?
prodigy.com.mx is run by the emcumbant monopoly telco here in Mexico.

That will tell you something about their open mail relay. :^)

I connect via "Prodigy Turbo" which is the telco's ISDN service.
~US$80/month + US$0.20 per call (first 200 calls free).

Routers dying off at inopportune moments is a common occurrence.

I have no other choice for >56k connections apart from paying around about
twice (or more) what you would in NZ for DDS. :^(

-- 
Andrew P. Gardner
barcelona.com stolen, stmoritz.com stays. What's uniform about the UDRP?
We could ask ICANN to send WIPO a clue, but do they have any to spare?
Get active: http://www.tldlobby.com
---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz
where the body of your message reads:
unsubscribe nznog