Author: Alan J. Flavell Date: To: Exim users list Subject: [Exim] U=hell ?
I've been noticing quite a number of exim log entries which include
"U=hell" in the field for the response to our ident request.
Most of these in fact seem to get rejected on the grounds of being
blacklisted, or on some other criterion which we apply. In fact on a
superficial inspection I can only find one that's managed to get past
the other defences, and that's from an IP address that's now
wall-to-wall blacklisted as an open proxy. But I thought I'd ask
anyway.
We already reject everything where the ident request comes up with
"squid" or "CacheFlow Server", as previously discussed. Is this ident
response of "hell" indicative of some other notorious open-proxy
software? I see a number of matches for "ident hell" in reports
logged at ...net-abuse.sightings, but I don't find anyone offering an
explanation for them. And hardly any matches in Google (web) search.