Hello,
Well the domain in which it is coming from is uol.com.br i suggest you
contact them and inform them of this. Also once you have done this you may
wish to contact your ISP's and get them RBL'ed!
Thats should sort the situation out for you.
By the way the web site in not english so you will have fun with that!
Regards
Kamesh
-----Original Message-----
From: exim-users-admin@??? [
mailto:exim-users-admin@exim.org]On
Behalf Of Jeff Hahn
Sent: 22 August 2002 15:50
To: exim-users@???
Subject: [Exim] Interesting "attack" on my exim server...
I've been getting a "dictionary" attack on one of the domains I host -
checking
all possible names for email addresses - ..., greg@???, gregg@???,
gregh@???, ..., george@???, ...
I'm not sure what they hope to accomplish. I don't allow relay based on
return
address and it seems like an awfully expensive way to collect new email
addresses for spam.
After getting a few megabytes of "verify failed" messages in my exim3 logs,
I
set host_reject for the addresses.
The attacks are coming from 200.231.206.0/24 (several dozen hosts)
Now I'm still getting about 1 connection a minute and filling up my
exim_rejectlog. oh well, disk space is cheap.
been going on about a week.
just 1 domain out of dozens, how strange...
-Jeff
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim
details at
http://www.exim.org/ ##
