Distributed spammer attacks?
Vaughn Skinner
vaughn at BLUEMTNET.COM
Wed Nov 9 18:59:17 GMT 2005
Using milter-sender we are getting many of the following syslog entries.
(addresses changed to protect the innocent)
Nov 9 04:25:03 server sendmail[26187]: jA9CP0Eb026187: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [220.184.102.95] is not us
Yesterday we received 2901 of these. 2586 are unique machines and the most
any one hit was 6 times.
Here is a test session where I duplicated the abuse showing what others are
doing.
I expect we are looking at a distributed spam network. Has anyone else
experienced this, and if so any thoughts about a solution? The only thing I
can think of to counter this would be a common dnsbl.
Vaughn
220 1.2.3.4 ESMTP Sendmail 1.0/1.0; Wed, 9 Nov 2005 10:30:39 -0800
HELO 1.2.3.4
250 1.2.3.4 Hello test [2.3.4.5], pleased to meet you
mail from: <user at test>
550 5.7.1 HELO 1.2.3.4 claims to be us '1.2.3.4' [1.2.3.4], but the connection [2.3.4.5] is not us
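The tally given in the message above (total rejections, unique machines, most hits from any one machine) can be reproduced from the sendmail log with a short script. This is an added example, not part of the original post or of milter-sender; the function name, the /24 grouping and the sample log lines (documentation addresses, made-up queue IDs) are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Matches the milter-sender rejection format quoted in the post; the
# connecting client is the bracketed address just before "is not us".
REJECT_RE = re.compile(
    r"Milter: helo=\S+\s+reject=550 5\.7\.1 HELO .*? claims to be us "
    r".*?but\s+the connection \[(?P<client>[0-9a-fA-F.:]+)\] is not us"
)

# Constructed sample input: five forged-HELO rejections and one unrelated line.
SAMPLE_LOG = """\
Nov 9 04:25:03 server sendmail[26187]: jA9CP0Eb026187: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [192.0.2.10] is not us
Nov 9 04:25:09 server sendmail[26190]: jA9CP6Eb026190: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [198.51.100.5] is not us
Nov 9 04:26:11 server sendmail[26201]: jA9CQ8Eb026201: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [192.0.2.10] is not us
Nov 9 04:26:40 server sendmail[26207]: jA9CQbEb026207: to=<user@server.domain>, stat=Sent
Nov 9 04:27:02 server sendmail[26212]: jA9CR0Eb026212: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [203.0.113.9] is not us
Nov 9 04:27:30 server sendmail[26215]: jA9CRSEb026215: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [192.0.2.77] is not us
"""

def summarize(lines):
    """Tally forged-HELO rejections per connecting address and per /24."""
    per_ip = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            per_ip[m.group("client")] += 1
    # Group IPv4 clients by /24 to see whether hits cluster in a few
    # networks or are spread thinly across many.
    per_net = Counter()
    for ip, n in per_ip.items():
        if ":" not in ip:
            per_net[str(ip_network(ip + "/24", strict=False))] += n
    return {
        "total": sum(per_ip.values()),
        "unique": len(per_ip),
        "max_per_ip": max(per_ip.values(), default=0),
        "top_nets": per_net.most_common(3),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

A low max_per_ip against a high unique count, with no dominant /24, is the pattern the message reports; per-address rate limits or static blocks do little against it.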
------------------------ MailScanner list ------------------------