I haven't made an amateur radio contact with a completely new country in a while, but I have worked on getting countries on new bands in the log. This weekend I had the 6-40m longwire antenna out. It did not want to tune on 12 meters but I made contacts on the 10, 15, 17, 30 and 40 meter bands.

Some new country/band combinations were added: Moldova, Montenegro, Japan and the Slovak Republic on 30 meters, Estonia on 17 meters, Latvia on 15 meters. I also made contacts with several stations in the URE 70 year anniversary special event.

Update 2019-04-15: Tuned the longwire for 80 meters and added Serbia and Norway as new 80 meter countries.

Another find in the local supermarket. This time no complicated backstory, it just looked and sounded nice.

It's a blonde beer. The color is lighter than I expected from a blonde, it's almost like Belgian white beer (Belgisch witbier). It has a higher alcohol level for a beer, but it didn't taste/feel like a strong beer to me.

A nice taste, not too complicated.

The beer details

Company	De Hoorn Brouwerij
Beer name	Cornet Oaked
Beer style	Blond beer
Alcohol by volume	8.5 %

It seems Corel graphics still exists and part of their continued existance is sending out spam to unverified e-mail addresses. With the included lie:

You are receiving this email because you requested to receive information regarding Corel products and special offers or you subscribe to a Corel e-newsletter.

No I haven't.

I had a look at the beer on display in our local supermarket and noticed Goose IPA from Goose Island Beer company and I got reminded of Goose Island, Oregon which is mentioned in the Wargames movie. So I bought a bottle of the beer and did some research when I got home.

And everything about that link turned out to be wrong.

The Goose Island Beer company has nothing to do with Oregon, they are from Chicago, Illinois.

And according to Anderson Island (Washington) - Wikipedia English the scene around entering "Goose Island, Oregon" in the movie WarGames was actually filmed on Anderson Island in the state of Washington. There is a small island named "Goose Island" in the state of Oregon, it's an island in the Columbia river. Goose island measures almost 1000 meters by 680 meters. Goose Island Oregon USA on google maps.

Having left me with nothing of the link(s) I suspected when I saw the bottle there is only one thing to do: try the beer.

I would describe the colour as amber / dark amber. The smell and taste have a strong hop influence. I personally like IPA beers, but this one is a bit too bitter for me.

The beer details

Company	Goose Island Beer company
Beer name	Goose IPA
Beer style	IPA - India Pale Ale
Alcohol by volume	5.9 %

After a month with a holiday and a month with one contest I redid the QSO count plot to see the development.

before, before, before, before, before

Het viel me op in de grafieken van het invoer voltage volgens de UPS dat het voltage vanaf het stroomnet is gestegen tot 238 volt aan het eind van september 2018. Ik vraag me af wat de oorzaak is van deze wijziging. Het kan niet zijn door de toename van zonnepanelen in de omgeving, het gestegen voltage is zowel overdag als 's nachts.

Although FT8 does great work for weak signal reception on HF bands it's also nice for the 2 meter band and the 70 centimeter band. So after lots of tries with the 2 meter band I decided to give the 70 centimeter band another try. But, there is one thing: there aren't many stations active in FT8 on 70 centimeter and even when one is active in the nearby area that station may be on a different FT8 frequency. The real standard is not there yet.

Until now I've seen:

• 432.174 MHz
• 432.176 MHz
• 434.670 MHz

I check for activity via the PSKreporter site. My two FT8 on 70 centimeter contacts where on 432.174 and 432.176.

In the past week I made my second 70cm FT8 contact, and again with another amateur in the JO22 gridsquare. So the map for 70cm gridsquares contacted and confirmed isn't very spectacular yet, but I'm going to generate and maintain it anyway.

Now in the list of maps at pe4kh.idefix.net.

I noticed a lot of entries in my mail logging about aborted smtp transactions

Mar 22 21:04:04 gosper sm-mta[30180]: x2MK437r030180: [193.169.254.68] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:04:58 gosper sm-mta[30229]: x2MK4vv0030229: [185.234.217.222] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:05:25 gosper sm-mta[30307]: x2MK5Oas030307: [193.169.254.68] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:06:01 gosper sm-mta[30328]: x2MK5xAc030328: [185.234.217.222] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6
Mar 22 21:06:02 gosper sm-mta[30331]: x2MK5xg5030331: [185.222.209.209] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v6

And I wondered what was going on, until I did a capture of the session and had a look:

    1   0.000000 185.234.217.222 → 82.95.196.202 TCP 68 55448 → 25 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
    2   0.000314 82.95.196.202 → 185.234.217.222 TCP 68 25 → 55448 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
    3   0.034751 185.234.217.222 → 82.95.196.202 TCP 56 55448 → 25 [ACK] Seq=1 Ack=1 Win=65536 Len=0
    4   6.038967 82.95.196.202 → 185.234.217.222 SMTP 395 S: 220-gosper.idefix.net ESMTP Sendmail 8.15.2/8.15.2/Debian-8; Fri, 22 Mar 2019 21:00:55 +0100; (No UCE/UBE) | 220-   This is a private SMTP server. | 220-   The use of this or any related system for the transmission of | 220-   Unsollicited Bulk E-mail (UBE) is prohibited. | 220 logging access from: [185.234.217.222](FAIL)-[185.234.217.222]
    5   6.072501 185.234.217.222 → 82.95.196.202 SMTP 76 C: EHLO 82.95.196.202
    6   6.072915 82.95.196.202 → 185.234.217.222 TCP 56 25 → 55448 [ACK] Seq=340 Ack=21 Win=29312 Len=0
    7   6.073011 82.95.196.202 → 185.234.217.222 SMTP 267 S: 250-gosper.idefix.net Hello [185.234.217.222], pleased to meet you | 250-ENHANCEDSTATUSCODES | 250-PIPELINING | 250-EXPN | 250-VERB | 250-8BITMIME | 250-SIZE | 250-DSN | 250-ETRN | 250-STARTTLS | 250-DELIVERBY | 250 HELP
    8   6.106154 185.234.217.222 → 82.95.196.202 SMTP 68 C: AUTH LOGIN
    9   6.106585 82.95.196.202 → 185.234.217.222 SMTP 86 S: 503 5.3.3 AUTH not available
   10   6.141445 185.234.217.222 → 82.95.196.202 TCP 56 55448 → 25 [FIN, ACK] Seq=33 Ack=581 Win=65024 Len=0
   11   6.141775 82.95.196.202 → 185.234.217.222 TCP 56 25 → 55448 [FIN, ACK] Seq=581 Ack=34 Win=29312 Len=0
   12   6.174430 185.234.217.222 → 82.95.196.202 TCP 56 55448 → 25 [ACK] Seq=34 Ack=582 Win=65024 Len=0

Each session starts ESMTP and even with the ESMTP reply not listing AUTH the next command is 'AUTH LOGIN' for authenticated smtp, and as soon as my server denies offering this the session gets aborted. This does mean no failed authentication attempt is logged which would trigger fail2ban.

This does look like a bit of a distributed attack, but without the network remembering that the attack is not going to work in this way and therefore trying it again and again.

Update: IPs active in this scanning attack sofar: 185.234.217.222 193.169.254.68 185.234.219.56 37.49.225.232 185.222.209.202 141.98.80.15 114.207.112.188 185.222.209.209 23.227.207.215 185.211.245.170 141.98.80.17 89.248.171.176 185.211.245.198 164.132.45.117 37.49.225.224 119.176.218.216 103.114.104.175 37.49.225.47 103.207.37.40 37.49.227.49 185.234.219.57

Update 2019-03-24: I noticed the incorrect EHLO above and looked at options for HELO/EHLO checking in sendmail. Searching did not show a lot of options, trying with the $&s delayed s macro did not fire on the given HELO/EHLO. So I kept searching and found the latest sendmail administration guide ('Bat book') with FEATURE(block_bad_helo). I activated this feature to see if it stops some of this traffic.