[Exim] offers123.net & possible DOS.

Top Page
Delete this message
Reply to this message
Author: Dave Restall
Date:  
To: exim-users
Subject: [Exim] offers123.net & possible DOS.
Hi,

Exim 3.35, Debian/GNU Linux, Kernel 2.2.18pre21.

exim has had a couple of processes jammed up over that last couple of
days and it terminates with :-

2002-05-17 08:47:29 unexpected disconnection while reading SMTP command
from punt-21.mail.demon.net [194.217.242.6]

demon is my upstream provider.

The mail that it has problems with is a spam from offers123.net who
seem to have an awful lot of MX's - none of which work. I think exim
patiently but methodically sets out to verify the address from all of
them until one of them will answer, however because none of them work,
exim waits for each one to timeout and the remote mailer at demon gets
bored and terminates the connection.

They also send the mail with the following :-

    Reply-To: COPY DVD's<offers@???>
    From: COPY DVD's<offers@???>


They also seem to be involved with highspeedmailer.com which - strangely
enough has a broken mx.

I have now added offers123.net to my sender_reject list and this cures
the problem of sticking mail - though I suspect that I have just
offloaded the problem elsewhere.

Unfortunately, I don't think much can be done about this. I'm sending
it to this list simply because I think it's not a normal spammer, this
one looks as if it deliberately trying to get the message through or
DOS a mail process that wants to check they are legitimate.

Regards,


Dave
mail/exim/2002-05-17.tx                                        exim-users
+----------------------------------------------------------------------------+

| Dave Restall,       IIRC Limited, PO Box 46, Skelton, Cleveland, TS12 2GT. |
| Tel. +44 (0) 1287 653003 Mob. +44 (0) 7973 831245 Fax. +44 (0) 1287 652546 |
| email : dave@???       dave@???     Web : http://www.iirc.net |

+----------------------------------------------------------------------------+
| BOFH excuse #336:                                                          |
|                                                                            |
| the xy axis in the trackball is coordinated with the summer soltice        |

+----------------------------------------------------------------------------+