---

Scientology Crime Syndicate

Subject: Copyright theft by parishioners.org! http://scientologysucks.lron.com
From: carl@five-ten-sg.com (Carl Byington)
Date: 18 Apr 1999 00:25:20 GMT

-----BEGIN PGP SIGNED MESSAGE-----

In article <aTBG3MdlgwSY092yn@islandnet.com>, martinh@islandnet.com says... >

>Interesting. So, who's their upstream provider? I suppose I will
>have to complain to the ISP's provider about their copyright theft
>of my works. This is what they wrote back to me today:

[snip]

>webmaster@parishioners.org.

Ok, so first nslookup to find the mail host for them.

$ nslookup > set type=mx
> parishioners.org
parishioners.org MX preference = 20, mail exchanger = mx.relaypoint.net

> server ns1.relaypoint.net
> ls -d parishioners.org
[ns1.relaypoint.net]
parishioners.org. SOA ns1.relaypoint.net root.relaypoint.net.
(1999032201 3600 900 604800 86400)
parishioners.ORG. NS ns1.relaypoint.net
parishioners.ORG. NS ns2.relaypoint.net
parishioners.ORG. A 207.213.105.38
parishioners.ORG. MX 20 mx.relaypoint.net
www A 207.213.105.38
parishioners.org. SOA ns1.relaypoint.net root.relaypoint.net.
(1999032201 3600 900 604800 86400)

> ls -d relaypoint.net
[ns1.relaypoint.net]
relaypoint.net. SOA ns1.relaypoint.net root.relaypoint.net.
(1999041701 3600 900 604800 900)
relaypoint.NET. NS ns1.relaypoint.net
relaypoint.NET. NS ns2.relaypoint.net
relaypoint.NET. A 206.16.234.253
relaypoint.NET. MX 20 mx.relaypoint.net
mx CNAME mail.relaypoint.net
mail MX 20 mail.relaypoint.net
mail A 206.170.248.252


[snip]
relaypoint.net. SOA ns1.relaypoint.net root.relaypoint.net.
(1999041701 3600 900 604800 900)

Cool, they only have a single MX host. So much for reliable mail delivery. However, mx.relaypoint.net is a CNAME in direct violation of RFC 974 as explained in RFC 1912. It appears that relaypoint is using that really cool Hubbardspew as a replacement for reading the RFCs.

Now, we find out where that webmaster address really lives.

$ telnet mx.relaypoint.net 25
Trying 206.170.248.99...
Connected to mail.relaypoint.net.
Escape character is '^]'.
220-mail2.relaypoint.net Sendmail 8.6.11/8.6.12 ready at Sat, 17 Apr 1999
16:48:
09 -0700
220 ESMTP spoken here
HELO mail3.five-ten-sg.com
250 mail2.relaypoint.net Hello [205.147.40.50], pleased to meet you
VRFY webmaster@parishioners.org
250 <spc@mail2.relaypoint.net>

And while we are poking around, sendmail 8.6 is a bit old, are they an open relay? Note that mx.relaypoint.net is a CNAME for mail.relaypoint.net, and that has two A records, 206.170.248.99 and 206.170.248.252. http://www.orbs.org says:

Database Check - 206.170.248.99

This server is included in the ORBS automated database because it's delivering relay test messages back to ORBS which were injected by the ORBS tester to the following address(es):

206.170.248.99
208.9.65.20

.... entry last updated 1999-04-15 12:22:04 UTC (yyyy-mm-dd hh:mm:ss)

Database Check - 206.170.248.252

This server is included in the ORBS automated database because it's delivering relay test messages back to ORBS which were injected by the ORBS tester to the following address(es):

206.170.248.252
208.9.65.2

.... entry last updated 1999-03-31 20:47:10 UTC (yyyy-mm-dd hh:mm:ss)

Cool, so not only don't relaypoint.net know how to setup their DNS, they also don't know how to configure a mail server. Why am I not surprised?

Traceroute from here goes thru:
4 16 ms 16 ms 16 ms savvis-above-45Mbps.lax.above.net
[209.133.31.170]
5 16 ms 31 ms 16 ms 209.223.191.30
6 47 ms 47 ms 47 ms gw-alhambra.relaypoint.net
[206.170.251.254]
7 47 ms 47 ms 46 ms gw4-losangeles.relaypoint.net

[206.170.248.218]
8 31 ms 31 ms 31 ms www.parishioners.org [207.213.105.38]

Well, the router that is the immediate upstream of relaypoint does not have reverse dns configured, so we ask whois.arin.net about it and get:

SAVVIS Communications (NETBLK-SAVVIS6)
7777 Bonhomme #1500
St. Louis, MO 63105

Netname: SAVVIS6
Netblock: 209.223.0.0 - 209.223.255.255
Maintainer: SAVV

Coordinator:
Cordova, Robert B (RBC36-ARIN) robertc@SAVVIS.COM
(314)719-2419 (FAX) (314)719-2442

Domain System inverse mapping provided by:

NS1.SAVVIS.NET 209.16.211.42
NS2.SAVVIS.NET 204.194.10.206

It looks like Savvis provides connectivity to relaypoint.net.

- -- PGP key available from the key servers.
Key fingerprint 95 F4 D3 94 66 BA 92 4E 06 1E 95 F8 74 A8 2F A0

-----BEGIN PGP SIGNATURE----- Version: 4.5

iQCVAgUBNxkmX9ZjPoeWO7BhAQEcqQP+NQqUbXR/t/wgEexDTC0mb5gnPuZJKCwa
JvupmmupPxjSeH9PbWj4NtaRnfz4fNt8ywbjqnJp5jFgEPGIRJ2TAhcm6G4faDjN
Gu01EO5ZdxIZTTxP+Q1wVza6xSw27YmqZOhv6227bJa7sRPC/yZvaEFXXFsUthHG
gRxDWcsel7Q=
=wH9b
-----END PGP SIGNATURE-----


Click here for some additional truth about the Scientology crime syndicate: XENU.NET



This web page (and The Skeptic Tank) is in no way connected with nor part of the Scientology crime syndicate. To review the crime syndicate's absurdly idiotic web pages, check out www.scientology.org or any one of the many secret front groups the cult attempts to hide behind.

Further facts about this criminal empire may be found at Operation Clambake and FACTNet.

---

The views and opinions stated within this web page are those of the author or authors which wrote them and may not reflect the views and opinions of the ISP or account user which hosts the web page. The opinions may or may not be those of the Chairman of The Skeptic Tank.

Return to The Skeptic Tank's main Index page.

E-Mail Fredric L. Rice / The Skeptic Tank