Thanks so much, Jeremy!
At 3:17 PM -0500 6/28/04, Jeremy Kitchen wrote:
On Monday 28 June 2004 02:40 pm, Kit Halsted wrote:>if the server in question is the MX for kithalsted.com, it appears to be > fine,
It's the secondary for that domain, actually.
ok.
Received: from unknown (HELO exhausted) ([EMAIL PROTECTED])
Ah, so I was looking at the wrong header?
[EMAIL PROTECTED] ~ $ echo -n "webmaster" | mimencode d2VibWFzdGVy [EMAIL PROTECTED] ~ $ telnet athena.interdyne.net 25 Trying 64.147.96.42... Connected to athena.interdyne.net. Escape character is '^]'. 220 athena.interdyne.net ESMTP ehlo inter7.com 250-athena.interdyne.net 250-STARTTLS 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN CRAM-MD5 auth login 334 VXNlcm5hbWU6 d2VibWFzdGVy 334 UGFzc3dvcmQ6 d2VibWFzdGVy 235 ok, go ahead (#2.0.0) quit 221 athena.interdyne.net Connection closed by foreign host.
I figured it would be webmaster. the user 'webmaster' has the password 'webmaster' which spammers will attempt, for sure, and they found it.
That user sure as hell doesn't have that password anymore!
athena:domains {167} telnet athena 25
Trying 64.147.96.42...
Connected to athena.
Escape character is '^]'.
220 athena.interdyne.net ESMTP
ehlo bogus.com
250-athena.interdyne.net
250-STARTTLS
250-PIPELINING
250-8BITMIME
250 AUTH LOGIN PLAIN CRAM-MD5
auth login
334 VXNlcm5hbWU6
d2VibWFzdGVy
334 UGFzc3dvcmQ6
d2VibWFzdGVy
535 authentication failed (#5.7.1)
Urgh. Now to attempt to implement some sort of password policy...
Again, thanks much!
-Kit
--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"...qui desiderat pacem, praeparet bellum" (...if you would have peace, be prepared for war) -Flavius Vegetius Renatus
