[Exim] Interesting "attack" on my exim server...

Author: Jeff Hahn
Date:  
To: exim-users
Subject: [Exim] Interesting "attack" on my exim server...
I've been getting a "dictionary" attack on one of the domains I host - checking
all possible names for email addresses - ..., greg@???, gregg@???,
gregh@???, ..., george@???, ...

I'm not sure what they hope to accomplish. I don't allow relay based on return
address and it seems like an awfully expensive way to collect new email
addresses for spam.

After getting a few megabytes of "verify failed" messages in my exim3 logs, I
set host_reject for the addresses.

The attacks are coming from 200.231.206.0/24 (several dozen hosts)

Now I'm still getting about 1 connection a minute and filling up my
exim_rejectlog. Oh well, disk space is cheap.

Been going on about a week.

Just 1 domain out of dozens, how strange...

-Jeff
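
The pattern described in the message above (many "verify failed" rejections for guessed local parts, spread over several hosts in one /24) can be picked out of a log by grouping failures per source network. This is an added example, not part of the original post; the log line shape, the sample lines, the thresholds and the function name are assumptions, and real Exim log lines differ by version and configuration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed, simplified line shape: "... [<ip>] ... <local@domain> ... verify failed"
LINE_RE = re.compile(
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?<([^@<>\s]+)@([^<>\s]+)>.*verify failed"
)

# Constructed sample lines (documentation address ranges and domain).
SAMPLE_LOG = """\
2002-01-01 10:00:01 H=[198.51.100.7] rejected RCPT <greg@example.org>: verify failed
2002-01-01 10:00:03 H=[198.51.100.7] rejected RCPT <gregg@example.org>: verify failed
2002-01-01 10:00:09 H=[198.51.100.12] rejected RCPT <gregh@example.org>: verify failed
2002-01-01 10:01:15 H=[198.51.100.40] rejected RCPT <george@example.org>: verify failed
2002-01-01 10:01:20 H=[198.51.100.12] rejected RCPT <gina@example.org>: verify failed
2002-01-01 10:02:00 H=[192.0.2.10] rejected RCPT <jefff@example.org>: verify failed
2002-01-01 10:05:00 H=[192.0.2.10] accepted RCPT <jeff@example.org>
"""


def harvest_sources(lines, prefix=24, min_names=4, min_hosts=2):
    """Return {network: {"hosts": n, "names": m}} for networks whose failed
    recipient checks cover many distinct local parts from several hosts."""
    hosts = defaultdict(set)
    names = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a failed recipient verification
        ip, local, _domain = m.groups()
        try:
            net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        except ValueError:
            continue  # malformed address in the log line
        hosts[net].add(ip)
        names[net].add(local.lower())
    # A single mistyped address from one host stays below both thresholds.
    return {
        net: {"hosts": len(hosts[net]), "names": len(names[net])}
        for net in names
        if len(names[net]) >= min_names and len(hosts[net]) >= min_hosts
    }


if __name__ == "__main__":
    for net, stats in harvest_sources(SAMPLE_LOG.splitlines()).items():
        print(net, stats)
```

Networks it returns are candidates for the host_reject setting mentioned in the post.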