      From: Lionel B. <lio...@bo...> - 2006-11-30 13:11:03

I've received a notification for the two following servers.

mxs1.siemens.at (194.138.12.131)
mxs2.siemens.at (194.138.12.133)

Apparently they don't retry. Can anyone confirm this? At least they seem legitimate. So barring any problem, I'll add them in the whitelists tomorrow.

Lionel.

      
      
      From: Michael S. <Mic...@lr...> - 2006-11-30 13:53:57

On Thu, 30 Nov 2006, Lionel Bouton wrote:

> I've received a notification for the two following servers.
>
> mxs1.siemens.at (194.138.12.131)
> mxs2.siemens.at (194.138.12.133)
>

At least they are in my domain_awl:

+---------------+----------------+---------------------+---------------------+
| sender_domain | src            | first_seen          | last_seen           |
+---------------+----------------+---------------------+---------------------+
| siemens.com   | 194.138.12.131 | 2006-01-16 16:17:12 | 2006-11-29 15:08:34 |
| siemens.com   | 194.138.12.133 | 2005-10-12 09:00:21 | 2006-11-29 10:48:59 |
+---------------+----------------+---------------------+---------------------+

And they use sendmail:

telnet 194.138.12.131 25
Trying 194.138.12.131...
Connected to 194.138.12.131.
Escape character is '^]'.
220 atvies1zqx.siemens.at ESMTP MTA ready at Thu, 30 Nov 2006 14:50:32 +0100
help
214-2.0.0 This is sendmail version 8.13.1
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0 sen...@se....
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info

Therefore I assume they retry.

> Apparently they don't retry. Can anyone confirm this? At least they seem
> legitimate. So barring any problem, I'll add them in the whitelists tomorrow.
>
> Lionel.

Michael Storz
--
======================================================
Leibniz-Rechenzentrum      | <mailto:St...@lr...>
Boltzmannstr. 1            | Fax: +49 89 35831-9700
85748 Garching / Germany   | Tel: +49 89 35831-8840
======================================================

      
      
      From:  <tom...@fi...> - 2006-11-30 20:20:22

On 2006-11-30 14:10:50 +0100, Lionel Bouton <lio...@bo...> said:

> I've received a notification for the two following servers.
>
> mxs1.siemens.at (194.138.12.131)
> mxs2.siemens.at (194.138.12.133)
>
> Apparently they don't retry. Can anyone confirm this? At least they
> seem legitimate. So barring any problem, I'll add them in the whitelists
> tomorrow.

ahd1014.activehost.com [69.89.227.49]

No retry. As they are a hosting company I presume they use multiple SMTP servers.

      
      
      From: Lionel B. <lio...@bo...> - 2006-11-30 21:51:45

Tomislav Filipčić wrote the following on 30.11.2006 19:15 :
> On 2006-11-30 14:10:50 +0100, Lionel Bouton
> <lio...@bo...> said:
>
>> I've received a notification for the two following servers.
>>
>> mxs1.siemens.at (194.138.12.131)
>> mxs2.siemens.at (194.138.12.133)
>>
>> Apparently they don't retry. Can anyone confirm this? At least they
>> seem legitimate. So barring any problem, I'll add them in the whitelists
>> tomorrow.
>
> ahd1014.activehost.com [69.89.227.49]

That's a suspicious looking little box... This is not the MX for the domain (although it isn't uncommon to have different outgoing servers, it's rather uncommon that they have such anonymous names). A bunch of dns lookups in the same class C shows several other ahd10??.activehost.com names scattered across the class C. Does this system really send legitimate mails and if affirmative, from which domains?

Lionel

      
      
      From:  <tom...@fi...> - 2006-11-30 22:53:41

On 2006-11-30 22:51:35 +0100, Lionel Bouton <lio...@bo...> said:

> > ahd1014.activehost.com [69.89.227.49]
>
> That's a suspicious looking little box... This is not the MX for the
> domain (although it isn't uncommon to have different outgoing servers,
> it's rather uncommon that they have such anonymous names). A bunch of
> dns lookups in the same class C shows several other
> ahd10??.activehost.com names scattered across the class C. Does this
> system really send legitimate mails and if affirmative, from which domains?

Namecheap, a popular domain registrar (http://www.namecheap.com/). I only noticed when one of my domains nearly expired when I didn't get a renewal notice. I have them in my whitelist now, and here is a recent log.

Nov 27 06:25:48 ra postfix/smtpd[24032]: connect from ahd1014.activehost.com[69.89.227.49]
Nov 27 06:25:49 ra sqlgrey: whitelist: ren...@na..., 69.89.227.49(ahd1014.activehost.com) -> tom...@fi...
Nov 27 06:25:49 ra postfix/smtpd[24032]: 2B2F78C020: client=ahd1014.activehost.com[69.89.227.49]
Nov 27 06:25:49 ra postfix/cleanup[24034]: 2B2F78C020: message-id=<20061127-00210389-9a4-0@IPDMDZ0002MIA>
Nov 27 06:25:49 ra postfix/qmgr[14772]: 2B2F78C020: from=<ren...@na...>, size=1805, nrcpt=1 (queue active)
[cut]

I guess you could try it by registering an account with namecheap and wait for the confirmation mail, but I doubt they fixed it.

Tomislav
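
Added example (not part of the thread, and not SQLgrey's own code): one way to check from greylisting logs whether a sender really never retries, or retries from sibling hosts in the same class C as discussed above. The "grey: new" / "grey: reconnect ok" line shapes, the name find_stalled, the two-hour window and the documentation-range addresses are all assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread). The "grey: new" and
# "grey: reconnect ok" line shapes are an assumption; adapt LINE_RE to your logs.
SAMPLE_LOG = """\
Nov 27 06:00:01 mx sqlgrey: grey: new: 192.0.2.10(192.0.2.10), alice@example.com -> bob@example.org
Nov 27 06:05:00 mx sqlgrey: grey: new: 198.51.100.7(198.51.100.7), renewals@example.net -> bob@example.org
Nov 27 06:12:40 mx sqlgrey: grey: reconnect ok: 192.0.2.10(192.0.2.10), alice@example.com -> bob@example.org
Nov 27 06:30:00 mx sqlgrey: grey: new: 198.51.100.8(198.51.100.8), renewals@example.net -> bob@example.org
Nov 27 09:00:00 mx sqlgrey: grey: new: 203.0.113.5(203.0.113.5), carol@example.com -> bob@example.org
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sqlgrey: grey: (?P<event>new|reconnect ok): "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)\([^)]*\), (?P<sender>\S+) -> (?P<rcpt>\S+)$"
)


def find_stalled(log_text, now, max_wait=timedelta(hours=2), year=2006):
    """Return triplets deferred longer than max_wait that never reconnected.

    Attempts are grouped by /24 so that a sending pool shows up as one entry
    listing every address it tried from.
    """
    pending = {}  # (net, sender, rcpt) -> [first_seen, set_of_ips]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        net = m["ip"].rsplit(".", 1)[0]
        key = (net, m["sender"], m["rcpt"])
        if m["event"] == "new":
            pending.setdefault(key, [ts, set()])[1].add(m["ip"])
        else:
            pending.pop(key, None)  # a successful retry clears the triplet
    return sorted(
        (net, sender, rcpt, sorted(ips))
        for (net, sender, rcpt), (first, ips) in pending.items()
        if now - first > max_wait
    )


if __name__ == "__main__":
    for net, sender, rcpt, ips in find_stalled(SAMPLE_LOG, datetime(2006, 11, 27, 10, 0)):
        kind = "pool, retries from sibling hosts" if len(ips) > 1 else "single host"
        print(f"{net}.0/24 {sender} -> {rcpt}: {ips} ({kind})")
```

An entry listing more than one address points to a sending pool whose retries are never matched when the greylist keys on the full IP; an entry with a single address is a host that made one attempt and gave up.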