| Subject: | Re: [courier-users] Mail Server Interrogation | |
|---|---|---|
| From: | Sam Varshavchik (mrs...@courier-mta.com) | |
| Date: | Apr 5, 2006 3:41:41 pm | |
| List: | net.sourceforge.lists.courier-users | |

Derrick T. Woolworth writes:

> I don't understand what spammers are gaining by continually attempting to "relay" through our mail server. Their messages are always rejected - and I've confirmed this by watching the traffic with tcpdump. They connect, attempt to send to some domain that I'm NOT hosting, and then connect again and again, each time trying a different e-mail address. It's like they believe I'm an open relay, but we're not.
>
> Other times, I see hosts attempting to send to a HUGE list of names to a domain that does exist on my mail server. Funny thing is, the domain has like 4 accounts and I'm getting 100000 message delivery attempts to unknown users. That's a giant waste of resources - what, for only four accounts they try a dictionary of a hundred thousand names?
>
> None of this makes sense and I've tried everything to stop it - including writing a log parser to automatically find hosts that "look" like these interrogation hosts and putting their IPs into the smtpaccess file and blocking them.

You must be running an ancient version of Courier. Courier had an effective automatic tarpit since 0.47.
You should not be seeing this with a modern Courier, provided that you're not using some unusual configuration where the server accepts all mail, and tries to bounce undeliverable addresses ex-post-facto.
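
The two patterns described in the quoted message (relay probes to domains the server does not host, and dictionary runs against a hosted domain) can be told apart from rejection logs by counting distinct rejected recipients per connecting host. The following is an added example, not part of the original thread and not Courier's own code; the log line shape, the hosted domain `example.org`, and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log shape (constructed for this example); adapt the regex to your own logs.
REJECT = re.compile(
    r"error,relay=(?P<ip>[0-9A-Fa-f:.]+),from=<[^>]*>,to=<(?P<rcpt>[^>]*)>: 5\d\d "
)
LOCAL_DOMAINS = {"example.org"}  # hypothetical hosted domain

def _line(ip, rcpt, reply):
    # Build one constructed syslog-style rejection line.
    return (f"Apr  5 11:20:01 mx courieresmtpd: error,relay=::ffff:{ip},"
            f"from=<x@example.net>,to=<{rcpt}>: {reply}")

# Constructed sample input, not real traffic.
SAMPLE_LOG = (
    [_line("198.51.100.7", f"{u}@example.org", "550 User unknown.")
     for u in ("alice", "bob", "carol", "dave")]
    + [_line("203.0.113.9", r, "513 Relaying denied.")
       for r in ("a@example.com", "b@example.net", "c@example.com")]
    # One sender retrying a single mistyped address: must not be flagged.
    + [_line("192.0.2.50", "jon@example.org", "550 User unknown.")] * 2
)

def probing_hosts(lines, threshold=3):
    """Return {ip: (kind, n)} for hosts with >= threshold distinct rejected recipients."""
    rejected = defaultdict(set)
    for line in lines:
        m = REJECT.search(line)
        if m:
            # Normalise IPv4-mapped IPv6 addresses to plain IPv4.
            rejected[m["ip"].removeprefix("::ffff:")].add(m["rcpt"].lower())
    flagged = {}
    for ip, rcpts in rejected.items():
        if len(rcpts) < threshold:
            continue
        # Recipients in a hosted domain point to a dictionary run;
        # recipients elsewhere point to open-relay probing.
        local = sum(r.rpartition("@")[2] in LOCAL_DOMAINS for r in rcpts)
        kind = "dictionary" if local * 2 >= len(rcpts) else "relay-probe"
        flagged[ip] = (kind, len(rcpts))
    return flagged

if __name__ == "__main__":
    for ip, (kind, n) in sorted(probing_hosts(SAMPLE_LOG).items()):
        print(f"{ip}\t{kind}\t{n} distinct rejected recipients")
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender that retries one bad address below the threshold.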





