I don't understand what spammers are gaining by continually attempting to
"relay" through our mail server. Their messages are always rejected - and
I've confirmed this by watching the traffic with tcpdump. They connect,
attempt to send to some domain that I'm NOT hosting, and then connect
again and again, each time trying a different e-mail address. Its like
they believe I'm an open relay, but we're not.
Other times, I see hosts attempting to send to a HUGE list of names to a
domain that does exist on my mail server. Funny thing is, the domain has
like 4 accounts and I'm getting 100000 message delivery attempts to
unknown users. That's a giant waste of resources - what, for only four
accounts they try a dictionary of a hundred thousand names?
None of this makes sense and I've tried everything to stop it - including
writing a log parser to automatically find hosts that "look" like these
interrogation hosts and putting their IP's into the smtpaccess file and
You must be running an ancient version of Courier. Courier had an effective
automatic tarpit since 0.47.
You should not be seeing this with a modern Courier, provided that you're
not using some unusual configuration where the server accepts all mail, and
tries to bounce undeliverable addresses ex-post-facto.