How common is this? Receiving mail server checks website

Post by Sapphyre » Wed Sep 04, 2013 5:55 pm

Monitoring caught these in an account's visitor log:

63.167.109.10 - - [04/Sep/2013:13:41:33 -0400] "CONNECT 192.168.1.6:25 HTTP/1.0\\r\\n\\r\\n" 400 299 "-" "-"

63.167.109.10 - - [04/Sep/2013:13:41:47 -0400] "POST http://192.168.1.6:25/ HTTP/1.0\\r\\nContent-Type: text/plain\\r\\nContent-Length: 6\\r\\n\\r\\nRSET\\r\\n" 400 299 "-" "-"

Checking for other activity from this IP, found the below - which are valid outgoing emails from one of our clientele by SMTP to a couple of folks at slpipe. They accepted the mail, but is it a technical issue or misconfiguration on their end - what are they doing trying to get at port 25 on an internal IP which wouldn't work here, correct, and attempting to do this through client's website? I assume maybe that's a valid IP in their network http://192.168.1.6:25 ... or is it some way to help determine if mail is coming from a legitimate source? I haven't seen anything like this before. Thoughts?

Sep 4 11:58:06 host sendmail[22130]: r84Fs6iT020942: to=<l........z@slpipe.com>, delay=00:00:05, xdelay=00:00:04, mailer=esmtp, pri=129946, relay=mail.slpipe.com. [63.167.109.10], dsn=2.0.0, stat=Sent (<201309041558.r84Fs6iT020942@host.d.......s.com> Queued mail for delivery)

Sep 4 13:31:05 host sendmail[16349]: r84HRrMF015365: to=<r.....r@slpipe.com>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=129935, relay=mail.slpipe.com. [63.167.109.10], dsn=2.0.0, stat=Sent (<201309041731.r84HRrMF015365@host.d.......s.com> Queued mail for delivery)

Oh, wait, they came 10 minutes after the second mail, so it's not spam-checking on the fly at the time a mail is received after all. Care to guess at what they're doing?
It's a crested auklet
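
The two visitor-log entries in the post use the proxy forms of an HTTP request (a CONNECT with a host:port target, and a POST with an absolute http:// target) rather than a path on the site. As an added example that is not part of the original post, this Python code picks such entries out of a combined-format access log and reports whether the requested target is a private address or port 25; the function name, the result fields and the third sample line are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# client ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+')
ABSOLUTE_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")

def classify(line):
    """Return None for ordinary site traffic, else a dict describing the
    proxy-style request (CONNECT or absolute-form target) that was logged."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, request, status = m.groups()
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        url = urlsplit("//" + target)   # authority-form: host:port
    elif ABSOLUTE_RE.match(target):
        url = urlsplit(target)          # absolute-form: scheme://host:port/
    else:
        return None                     # origin-form path: a normal request
    host = url.hostname
    try:
        port = url.port
    except ValueError:                  # non-numeric or out-of-range port
        port = None
    try:
        private = ipaddress.ip_address(host or "").is_private
    except ValueError:                  # a hostname, not an IP literal
        private = False
    return {"client": client, "method": method, "host": host, "port": port,
            "private_target": private, "smtp_port": port == 25,
            "escaped_crlf": "\\r" in request, "status": int(status)}

SAMPLE = [  # first two lines are the entries quoted in the post
    r'63.167.109.10 - - [04/Sep/2013:13:41:33 -0400] "CONNECT 192.168.1.6:25 HTTP/1.0\\r\\n\\r\\n" 400 299 "-" "-"',
    r'63.167.109.10 - - [04/Sep/2013:13:41:47 -0400] "POST http://192.168.1.6:25/ HTTP/1.0\\r\\nContent-Type: text/plain\\r\\nContent-Length: 6\\r\\n\\r\\nRSET\\r\\n" 400 299 "-" "-"',
    # constructed line: an ordinary request for comparison
    r'203.0.113.7 - - [04/Sep/2013:13:42:01 -0400] "GET /index.html HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```
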
