Community Discussions and Support
rset sent ?

Thanks for the replies... I got this .net when my .com was being blasted by spam... The .net was clean for 2 years til this so they found me again and I wanted to know what they found so I could be proactive...

 

Thank you everyone for this Wonderful mail server and all your dedication!!!

<p>Thanks for the replies... I got this .net when my .com was being blasted by spam... The .net was clean for 2 years til this so they found me again and I wanted to know what they found so I could be proactive...</p><p> </p><p>Thank you everyone for this Wonderful mail server and all your dedication!!! </p>

Hello I am dealing with russian spammers... this morning someone sent a RSET after sending to a fictitious  user at my mail domain... Can someone tell me what kind of inf0 they are trying to gain? I noticed it was 31 seconds before the connection was closed...

 

mercury/32 4.7 running for 4 years now and this ditty is new to me...

 09:35:46.906: Connection from 64.90.191.10, Thu Apr 11 09:35:46 2013<lf>
09:35:46.937: << 220 mail.xxxxxxxx.net ESMTP server ready.<cr><lf>
09:35:46.953: >> HELO u00.net<cr><lf>
09:35:46.953: << 250 mail.xxxxxxxx.net Hello, u00.net.<cr><lf>
09:35:46.000: >> MAIL FROM:<verity@u00.net><cr><lf>
09:35:46.187: << 250 Sender OK - send RCPTs.<cr><lf>
09:35:47.218: >> RCPT TO:<mx0va6z@themoddepot.net><cr><lf>
09:35:47.218: << 550 Address '<mx0va6z@xxxxxxxxxx.net>' not known here.<cr><lf>
09:35:47.250: >> RSET<cr><lf>
09:35:47.250: << 250 Command processed OK.<cr><lf>
09:36:17.250: 8: Socket read timeout
09:36:17.250: --- Connection closed normally at Thu Apr 11 09:36:17 2013. ---
09:36:17.250:

 thank you

&lt;p&gt;Hello I am dealing with russian spammers... this morning someone sent a RSET after sending to a fictitious&amp;nbsp; user at my mail domain... Can someone tell me what kind of inf0 they are trying to gain? I noticed it was 31 seconds before the connection was closed...&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;mercury/32 4.7 running for 4 years now and this ditty is new to me...&lt;/p&gt;&lt;p&gt;&amp;nbsp;09:35:46.906: Connection from 64.90.191.10, Thu Apr 11 09:35:46 2013&amp;lt;lf&amp;gt; 09:35:46.937: &amp;lt;&amp;lt; 220 mail.xxxxxxxx.net ESMTP server ready.&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:46.953: &amp;gt;&amp;gt; HELO u00.net&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:46.953: &amp;lt;&amp;lt; 250 mail.xxxxxxxx.net Hello, u00.net.&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:46.000: &amp;gt;&amp;gt; MAIL FROM:&amp;lt;verity@u00.net&amp;gt;&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:46.187: &amp;lt;&amp;lt; 250 Sender OK - send RCPTs.&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:47.218: &amp;gt;&amp;gt; RCPT TO:&amp;lt;mx0va6z@themoddepot.net&amp;gt;&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:47.218: &amp;lt;&amp;lt; 550 Address &#039;&amp;lt;mx0va6z@xxxxxxxxxx.net&amp;gt;&#039; not known here.&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:47.250: &amp;gt;&amp;gt; RSET&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:35:47.250: &amp;lt;&amp;lt; 250 Command processed OK.&amp;lt;cr&amp;gt;&amp;lt;lf&amp;gt; 09:36:17.250: 8: Socket read timeout 09:36:17.250: --- Connection closed normally at Thu Apr 11 09:36:17 2013. --- 09:36:17.250: &lt;/p&gt;&lt;p&gt;&amp;nbsp;thank you &lt;/p&gt;

Looks like some badly programmed spam bot that didn't know what to do when the RCPT was rejected. Other than keeping a TCP socket up until it times out there is no harm or gain from it.

/Rolf 

&lt;p&gt;Looks like some badly programmed spam bot that didn&#039;t know what to do when the RCPT was rejected. Other than keeping a TCP socket up until it times out there is no harm or gain from it.&lt;/p&gt;&lt;p&gt;/Rolf&amp;nbsp;&lt;/p&gt;

[quote user="Skink"]

Hello I am dealing with russian spammers... this morning someone sent a RSET after sending to a fictitious  user at my mail domain...[/quote]

RSET just means 'reset' - usually in preparation of sending new details.  It doesn't get any information.  I get many of these types of probes every day.

[quote user=&quot;Skink&quot;] &lt;P&gt;Hello I am dealing with russian spammers... this morning someone sent a RSET after sending to a fictitious&amp;nbsp; user at my mail domain...[/quote]&lt;/P&gt; &lt;P&gt;RSET just means &#039;reset&#039; - usually in preparation of sending new details.&amp;nbsp; It doesn&#039;t&amp;nbsp;get any information.&amp;nbsp; I get many of these types of probes every day.&lt;/P&gt;
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft