Getting pounded .. sigh
Rob Poe
rpoe at plattesheriff.org
Tue May 23 17:46:53 IST 2006
I run a secondary MX for one customer, which gets the poo hit out of it
(only 1 or so make it through, though) but the more important thing I do
is spam/virus check mail that gets forwarded to customer email systems
(i.e. Groupwise). If they change / add / delete a user, I have to find
some way to forward check (yes, I know about milter-ahead, and I still
have not decided to use or not use it yet, and I'm not switching to
postfix) to see if it's valid. I do reject non-valid addresses to local
domains.
>>> martinh at solid-state-logic.com 5/23/2006 3:09:36 AM >>>
Rob
I trick I use is to drop all email to non-valid emails addresses on
the
incoming MTA. I drop well over 66% of my email traffic that way and
reduces
the chances of having to add another ISP into ip-tables (or whatever).
Of course some people don't do this as they thing the spammers will be
able
to find valid addresses as a result. Of course my MS/SA setup is
pretty
tight and I don't have to worry about that ;-)
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Rob Poe
> Sent: 22 May 2006 17:57
> To: MailScanner discussion
> Subject: Getting pounded .. sigh
>
> My mail server is getting POUNDED from
> 193.252.22.157
> 193.252.22.158
>
> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk
>
> I blacklisted the whole 193.252.22.x
>
> They're targeting my list server, and SpamAssassin is grabbing them
> (along with the fact that the list server is membership only!!)
>
> but I'm getting one every 5-10 seconds!!
>
> grep 193.252.22 /var/log/maillog | wc
> 1863 62955 710320
>
> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay,
> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
relay=smtp2.wanadoo.co.uk
> [193.252.22.157], reject=583 5.0.0 Get lost..
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be
clean.
**********************************************************************
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list