I have a custom application that monitors and logs a user's SMTP session, and I found this spammer trying to use my MTA as a relay.
Is it possible to determine which username they are trying to log in with?
Waiting for a connection... Connected!
SmtpReceiveTestAgent_OnEhloCommand
DisableStartTLS: False
Domain: OWNEROR-KTATDUI
Spambypass False
AuthenticationSource Anonymous
HelloDomain
IsConnected True
IsExternalConnection True
IsTls False
LastExternalIPAddress 5.9.32.178
LocalEndPoint 10.10.10.242:25
RemoteEndPoint 5.9.32.178:2648
SessionId 634767757514516172
Waiting for a connection... Connected!
SmtpReceiveTestAgent_OnAuthCommand
AuthenticationMechanism:
Spambypass False
AuthenticationSource Anonymous
HelloDomain OWNEROR-KTATDUI
IsConnected True
IsExternalConnection True
IsTls False
LastExternalIPAddress 5.9.32.178
LocalEndPoint 10.10.10.242:25
RemoteEndPoint 5.9.32.178:2648
SessionId 634767757514516172
Waiting for a connection... Connected!
SmtpReceiveTestAgent_OnReject
Command: TlRMTVNTUAADAAAAGAAYAH4AAABSAVIBlgAAAAAAAABYAAAACAAIAFgAAAAeAB4AYAAAAAA
AAADoAQAABYKIogYBsR0AAAAP1fXonCW+WU07L/KUILITX3QAZQBzAHQATwBXAE4ARQBSAE8AUgAtAEs
AVABBAFQARABVAEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdkWHUUPIHk2TIK1nq2Rj8QEBAAAAAAA
Acvo4+TJYzQFloTpuXluwygAAAAACABAAUgBFAEwAQQBZADMANgAwAAEAGABDAE8ATgBZAEMARQBYADM
ANgAwADAAMgAEABwAcgBlAGwAYQB5ADMANgAwAC4AbABvAGMAYQBsAAMANgBDAE8ATgBZAEMARQBYADM
ANgAwADAAMgAuAHIAZQBsAGEAeQAzADYAMAAuAGwAbwBjAGEAbAAFABwAcgBlAGwAYQB5ADMANgAwAC4
AbABvAGMAYQBsAAcACABy+jj5MljNAQYABAACAAAACAAwADAAAAAAAAAAAAAAAAAwAAC0ykOxCYthQLJ
DgBWZ1QybmTgAin969Z+a+/3oBg6+MwoAEAAAAAAAAAAAAAAAAAAAAAAACQAQAFMATQBUAFAAUwBWAEM
ALwAAAAAAAAAAAAAAAAA=
Original Arguments:
Parsing Status: Error
SMTP Response: 535 5.7.3 Authentication unsuccessful
Spambypass False
AuthenticationSource Anonymous
HelloDomain OWNEROR-KTATDUI
IsConnected True
IsExternalConnection True
IsTls False
LastExternalIPAddress 5.9.32.178
LocalEndPoint 10.10.10.242:25
RemoteEndPoint 5.9.32.178:2648
SessionId 634767757514516172
Waiting for a connection... Connected!
SmtpReceiveTestAgent_OnHeloCommand
Helo Domain: 8.8.8.65
Spambypass False
AuthenticationSource Anonymous
HelloDomain
IsConnected True
IsExternalConnection True
IsTls False
LastExternalIPAddress 114.43.5.69
LocalEndPoint 10.10.10.242:25
RemoteEndPoint 114.43.5.69:11968
SessionId 634767757514516612
Waiting for a connection... Connected!
SmtpReceiveTestAgent_onMailCommand
Auth:
BodyType: NotSpecified
DSN requested: NotSpecified
EnvelopeID:
FromAddress: [email protected]
Oorg:
Size: 0
Spambypass False
AuthenticationSource Anonymous
HelloDomain 8.8.8.65
IsConnected True
IsExternalConnection True
IsTls False
LastExternalIPAddress 114.43.5.69
LocalEndPoint 10.10.10.242:25
RemoteEndPoint 114.43.5.69:11968
SessionId 634767757514516612
Waiting for a connection... Connected!
SmtpReceiveTestAgent_OnReject
Command: RCPT TO: <[email protected]>
Original Arguments:
Parsing Status: Error
SMTP Response: 550 5.7.1 Unable to relay
Spambypass False
AuthenticationSource Anonymous
HelloDomain 8.8.8.65
IsConnected True
IsExternalConnection True
IsTls False
LastExternalIPAddress 114.43.5.69
LocalEndPoint 10.10.10.242:25
RemoteEndPoint 114.43.5.69:11968
SessionId 634767757514516612
Waiting for a connection...
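
Added example, not part of the original post: the Command value in the first OnReject event starts with `TlRMTVNTUAAD`, which is the base64 of the `NTLMSSP` signature followed by message type 3, and an NTLM AUTHENTICATE message carries the domain, user name and workstation unencrypted. The parser below reads those three fields using the MS-NLMP header layout; `build_sample` and its values (EXAMPLE, alice, WKSTN01) are constructed test data, and the `cp437` fallback for non-Unicode clients is an assumption.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag (MS-NLMP)


def _field(msg, pos):
    """Read one (Len, MaxLen, BufferOffset) descriptor and return the bytes it points to."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field at %d points outside the message" % pos)
    return msg[offset:offset + length]


def parse_ntlm_authenticate(b64_blob):
    """Return domain, user and workstation from a base64 NTLM AUTHENTICATE message."""
    msg = base64.b64decode("".join(b64_blob.split()))  # tolerate wrapped log lines
    if len(msg) < 64 or msg[:8] != NTLM_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError("expected AUTHENTICATE (type 3), got type %d" % msg_type)
    (flags,) = struct.unpack_from("<I", msg, 60)
    # Assumption: clients that do not negotiate Unicode send an OEM code page string.
    codec = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    return {
        "domain": _field(msg, 28).decode(codec, "replace"),
        "user": _field(msg, 36).decode(codec, "replace"),
        "workstation": _field(msg, 44).decode(codec, "replace"),
    }


def build_sample():
    """Constructed type 3 message (dummy responses, no MIC) used only to exercise the parser."""
    parts = [b"\x00" * 24, b"\x11" * 24]  # dummy LM and NT responses
    parts += [s.encode("utf-16-le") for s in ("EXAMPLE", "alice", "WKSTN01")]
    parts.append(b"")  # empty encrypted session key
    header, body, offset = NTLM_SIGNATURE + struct.pack("<I", 3), b"", 64
    for data in parts:
        header += struct.pack("<HHI", len(data), len(data), offset)
        body += data
        offset += len(data)
    header += struct.pack("<I", NEGOTIATE_UNICODE)
    return base64.b64encode(header + body).decode("ascii")


if __name__ == "__main__":
    print(parse_ntlm_authenticate(build_sample()))
```

The same function accepts the Command value logged by the OnReject event, including its line wraps, since whitespace is stripped before decoding.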