Incoming mail question, what's happening?

Feek · 07-05-2007, 13:17

Every 15 minutes, 24/7 I get the following connection to my mail router.

Quote:

Mon 2007-05-07 12:59:59: Session 1057; child 1; thread 3324
Mon 2007-05-07 12:59:48: Accepting SMTP connection from [195.157.130.161 : 41779]
Mon 2007-05-07 12:59:48: Performing PTR lookup (161.130.157.195.IN-ADDR.ARPA)
Mon 2007-05-07 12:59:48: * Error: Name server reports domain name unknown
Mon 2007-05-07 12:59:48: * No PTR records found
Mon 2007-05-07 12:59:48: ---- End PTR results
Mon 2007-05-07 12:59:48: --> 220 all-one-word.com ESMTP MDaemon 9.5.2; Mon, 07 May 2007 12:59:48 +0100
Mon 2007-05-07 12:59:49: <-- EHLO titian.gsb.co.uk
Mon 2007-05-07 12:59:49: Performing IP lookup (titian.gsb.co.uk)
Mon 2007-05-07 12:59:49: * Error: Name server reports domain name unknown
Mon 2007-05-07 12:59:49: ---- End IP lookup results
Mon 2007-05-07 12:59:49: EHLO/HELO response delayed 10 seconds
Mon 2007-05-07 12:59:59: --> 250-all-one-word.com Hello titian.gsb.co.uk, pleased to meet you
Mon 2007-05-07 12:59:59: --> 250-ETRN
Mon 2007-05-07 12:59:59: --> 250-AUTH=LOGIN
Mon 2007-05-07 12:59:59: --> 250-AUTH LOGIN CRAM-MD5
Mon 2007-05-07 12:59:59: --> 250-8BITMIME
Mon 2007-05-07 12:59:59: --> 250 SIZE 0
Mon 2007-05-07 12:59:59: Connection closed
Mon 2007-05-07 12:59:59: SMTP session terminated (Bytes in/out: 23/218)

That IP relates to Granada Sky Broadcasting Ltd. Not sure if this is Sky itself. I don't have any internet stuff with them and I don't recall ever giving them an email address. There are never any attempts to send anything, it's always just the same as above.

The 161 IP is the University of Missouri-Columbia? wtf?

Any idea what's happening there?

Daz · 07-05-2007, 13:44

ETRN is a command/request to deliver stored email on the destination server to the source domain (titian.gsb.co.uk in this case). It is odd that you're seeing it, only thing I can suggest is contact the webmaster and see what the crack is.

Feek · 07-05-2007, 14:45

I've already done that a few days ago with no reply. It's not hurting me, it's just annoying

Garp · 07-05-2007, 15:14

At a guess I'd say their box on that IP is hacked. *checks whois for abuse details*

Oh bollocks...Thats one of our customers

Send an abuse e-mail in to abuse@netscalibur.co.uk containing those logs, and include details of frequency of such attempts, tell me the ticket number and I'll make sure the abuse team investigates. Thats not equipment NOC have any responsibility, looks like its hung on the end of a leased line, but our abuse team will be able to get in contact with a proper tech contact at there end.

Feek · 07-05-2007, 15:27

lol
Email sent, I'll let you know a ticket number as and when I get it, ta.

Feek · 08-05-2007, 22:09

No reply to the mail I sent to that abuse address

Garp · 08-05-2007, 23:27

Quote:

Originally Posted by Feek

No reply to the mail I sent to that abuse address

Gah.. chuck one to abuse@uk.clara.net you'll get an automatic ticket response from our ticketing system. I'll do some checks tomorrow and see if I can trace abuse tickets through from the netscalibur domain. ITs supposed to forward to the ticketing system but obviously something has gone tits up. *sigh*

Feek · 09-05-2007, 13:03

Did that this morning, got a reply but there was no number on it, just a generic autoreply..

Garp · 09-05-2007, 18:16

I've knocked up a ticket myself, I'll keep an eye on it and chase the team tomorrow

07-05-2007, 13:44	#2
Daz The Stig Join Date: Jun 2006 Location: Swad! Posts: 10,713	ETRN is a command/request to deliver stored email on the destination server to the source domain (titian.gsb.co.uk in this case). It is odd that you're seeing it, only thing I can suggest is contact the webmaster and see what the crack is. __________________ apt-get moo

07-05-2007, 14:45	#3
Feek ex SAS Join Date: Jun 2006 Location: JO01ou Posts: 10,062	I've already done that a few days ago with no reply. It's not hurting me, it's just annoying __________________

07-05-2007, 15:14	#4
Garp Preparing more tumbleweed Join Date: Jun 2006 Location: Hawaii Posts: 6,038	At a guess I'd say their box on that IP is hacked. checks whois for abuse details Oh bollocks...Thats one of our customers Send an abuse e-mail in to abuse@netscalibur.co.uk containing those logs, and include details of frequency of such attempts, tell me the ticket number and I'll make sure the abuse team investigates. Thats not equipment NOC have any responsibility, looks like its hung on the end of a leased line, but our abuse team will be able to get in contact with a proper tech contact at there end. __________________ Mal: Define "interesting"? Wash: "Oh, God, oh, God, we're all gonna die"?

07-05-2007, 15:27	#5
Feek ex SAS Join Date: Jun 2006 Location: JO01ou Posts: 10,062	lol Email sent, I'll let you know a ticket number as and when I get it, ta. __________________

08-05-2007, 22:09	#6
Feek ex SAS Join Date: Jun 2006 Location: JO01ou Posts: 10,062	No reply to the mail I sent to that abuse address __________________

09-05-2007, 13:03	#8
Feek ex SAS Join Date: Jun 2006 Location: JO01ou Posts: 10,062	Did that this morning, got a reply but there was no number on it, just a generic autoreply.. __________________

09-05-2007, 18:16	#9
Garp Preparing more tumbleweed Join Date: Jun 2006 Location: Hawaii Posts: 6,038	I've knocked up a ticket myself, I'll keep an eye on it and chase the team tomorrow __________________ Mal: Define "interesting"? Wash: "Oh, God, oh, God, we're all gonna die"?