Author: Jeff Hahn Date: To: exim-users Subject: [Exim] Interesting "attack" on my exim server...
I've been getting a "dictionary" attack on one of the domains I host - checking
all possible names for email addresses - ..., greg@???, gregg@???,
gregh@???, ..., george@???, ...
I'm not sure what they hope to accomplish. I don't allow relay based on return
address and it seems like an awfully expensive way to collect new email
addresses for spam.
After getting a few megabytes of "verify failed" messages in my exim3 logs, I
set host_reject for the addresses.
The attacks are coming from 200.231.206.0/24 (several dozen hosts)
Now I'm still getting about 1 connection a minute and filling up my
exim_rejectlog. oh well, disk space is cheap.