How do I get off this blacklist

My server is apparently an open hc proxy!

         

Status_203

8:13 am on Aug 18, 2009 (gmt 0)

10+ Year Member



Just got home from hospital to discover that my server is on the njabl blacklist. Ironically I discovered this because a forum welcome email to a spammer (.ru email address) bounced ;).

According to their site my server is an open proxy on the HTTP CONNECT protocol.

Full output


x.x.x.x:hc:2089: >> CONNECT y.y.y.y:25 HTTP/1.0\r\n
x.x.x.x:hc:2089: >> \r\n
x.x.x.x:hc:2089: >> help njablproxytest\r\n
x.x.x.x:hc:2089: << HTTP/1.0 200 Connection established\r\n
x.x.x.x:hc:2089: << \r\n
x.x.x.x:hc:2089: HTTP request successeful (200)
x.x.x.x:hc:2089: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Wed, 4 Feb 2004 10:58:31 -0500\r\n
x.x.x.x:hc:2089: << 214-2.0.0 njabl.org proxytest response to x.x.x.x\r\n
x.x.x.x:hc:2089: << 214 2.0.0 End of HELP info\r\n
x.x.x.x hc:2089 open

where x.x.x.x is my server ip and y.y.y.y is unrecognised, presumably something to do with njabl's testing.

I can't make head or tail of this. Don't even know whether I should be looking at the web server or the email server!

Where do I start?

Status_203

9:36 pm on Aug 19, 2009 (gmt 0)

10+ Year Member



After some fruitless research, it occurred to me that there must be some way of telling what programs were listening on what ports. One more search led me to


netstat -npl

and... I didn't have anything listening on port 2089! Requested removal via njabl's removal form. All sorted.

At which point of course I realised that if I'd paid a bit more attention to some of the other details ("4 Feb 2004" is well before I took over the IP address) I could have gone straight to the removal form as a first response.

Ho hum. I learnt what my first step would be I suppose :)

Suppose it all also proves it's worth checking your IP addresses against the blacklists, at the very least when you first get them.
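
The two checks worked through in this thread (is anything listening on the tested port, and does the test predate your use of the IP) can be scripted. This is an added example, not part of the original posts: the `netstat -npl` sample and the `ACQUIRED` date are constructed, the function names are hypothetical, and it reads `2089` as the tested port, as the thread does.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Lines copied from the listing evidence quoted in the thread.
EVIDENCE = r"""x.x.x.x:hc:2089: >> CONNECT y.y.y.y:25 HTTP/1.0\r\n
x.x.x.x:hc:2089: << HTTP/1.0 200 Connection established\r\n
x.x.x.x:hc:2089: << 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Wed, 4 Feb 2004 10:58:31 -0500\r\n
x.x.x.x hc:2089 open"""

# Constructed sample of `netstat -npl` output (not from the thread).
NETSTAT = """\
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  1201/httpd
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN  998/master
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  1102/mysqld
udp        0      0 0.0.0.0:68       0.0.0.0:*                750/dhclient
"""

def parse_evidence(text):
    """Return (test_type, port, test_time) from the listing transcript."""
    head = re.search(r"^[^\s:]+:(\w+):(\d+):", text, re.M)
    if head is None:
        raise ValueError("no 'ip:type:port:' prefix found")
    # The relayed SMTP 220 banner carries the tester's clock after the ';'.
    banner = re.search(r"<< 220 [^;]*;\s*(.+?)(?:\\r\\n)?\s*$", text, re.M)
    when = parsedate_to_datetime(banner.group(1)) if banner else None
    return head.group(1), int(head.group(2)), when

def listening_on(netstat_text, port):
    """Return (local_address, program) for TCP sockets listening on port."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            if f[3].rsplit(":", 1)[-1] == str(port):
                hits.append((f[3], f[6] if len(f) > 6 else "-"))
    return hits

def triage(evidence, netstat_text, acquired):
    """Classify the listing: 'investigate', 'stale' or 'recheck'."""
    _, port, when = parse_evidence(evidence)
    if listening_on(netstat_text, port):
        return "investigate"   # something answers on the tested port now
    if when is not None and when < acquired:
        return "stale"         # test predates our use of the IP
    return "recheck"           # recent test, no listener: review before delisting

# Constructed date on which the IP was taken over (assumption).
ACQUIRED = datetime(2008, 1, 1, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(parse_evidence(EVIDENCE), triage(EVIDENCE, NETSTAT, ACQUIRED))
```

On a live host, feed the function the real output of `netstat -npl` (run as root so the program column is populated) instead of the constructed sample.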