Mailing List SIMS@mail.stalker.com Message #6129
From: Rick Palmer <repalmer@sunflower.org>
Subject: Re: Odd SYSTEM Account log entry
Date: Sat, 3 Jun 2000 23:57:26 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
Wow...that was good Bill....

rick




What you are seeing is someone trying to authenticate to an account
specified in LDAP format (or X.500, which is essentially the same). It
appears that you are running one of the latest versions of SIMS that
supports SMTP AUTH. The presumptively-mismanaged machine (it's on RSS
after all) sees AUTH capability and is assuming that AUTH means the
Netscape implementation of inter-server authentication that predates the
current AUTH standard and is not perfectly compatible with the standard.

The broken server is trying to authenticate to your server, as the
'Account' named "cn=mail-ns.flad.de, cn=ns.flad.de, ou=Netscape Servers"
which is a perfectly valid LDAP name but which SIMS can't figure out: it
looks for an account file with that name and doesn't find it: that's the
-43 error.

The end result of this is pretty ugly. Every time a spammer tries to rape
that box, it talks to machines around the world and tries to use an
authentication system that clearly shouldn't go outside the range of some
unspecified LDAP server in Germany. Leaving its password in mail logs
worldwide. Oops.


--
Bill Cole
MAPS L.L.C. Consulting Services Group
Incident Response Service Senior Consultant
(hey look, I got a new job!!!)

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <SIMS@mail.stalker.com>.
To unsubscribe, E-mail to: <SIMS-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <SIMS-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <SIMS-index@mail.stalker.com>
Send administrative queries to  <SIMS-request@mail.stalker.com>

--
--
rick palmer ---------------------------------------------------------
"How dare the government intervene to stifle innovation in
the computer industry! That's Microsoft's job, dammit."
---------------------------------------------------------------------
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster