You are here: Home > Participate > Join a Discussion > Mailman Archives

[anti-spam-wg] Semi-OT: XXXX SMTP command

  • From: Markus Stumpf maex-lists-spam-ripe-anti-spam@localhost
  • Date: Thu, 12 Jan 2006 18:54:44 +0100
  • Comment: DomainKeys? See
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=testkey;; b=nWId7U7r3+lhEogsN3xwLTYRlJMjH1QjPX0HRyn1oKVXNLGZkLcxKsy6uQmpLkse ;
  • Organization: SpaceNet AG, Muenchen, Germany

To reject open proxy servers injecting mail, I reject SMTP session in
which the first command is an unknown (POST) command:
    unknown: rejected: UNIMPL-EXPLOIT POST / HTTP/1.0 rejected: UNIMPL-EXPLOIT POST / HTTP/1.0
    [ ... ]

Lately I see more and more hosts that send XXXX. rejected: UNIMPL-EXPLOIT XXXX rejected: UNIMPL-EXPLOIT XXXX rejected: UNIMPL-EXPLOIT XXXX rejected: UNIMPL-EXPLOIT XXXX

From the structure of the command I'd guess it is some filter/firewall
that maybe sees an EHLO, considers this a bad command and masks it with

Anybody else seeing this or knows what fine piece of ^H^H^H^H^Hsoftware
is doing this?


SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"