Re: [Exim] Re: Interesting "attack" on my exim server...

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael J. Tubby B.Sc. \(Hons\) G8TIC
Data:  
A: Jeff Hahn, exim-users
Assumpte: Re: [Exim] Re: Interesting "attack" on my exim server...
> Quoting Derrick 'dman' Hudson <dsh8290@???>:
>
> >
> > If you want to prevent your exim log from filling up and prevent exim
> > from using system resources on this attack, just drop all their
> > packets at the IP level (eg using iptables or ipchains).
> >
>
> good point! However, I'm the curious sort and I'd log the iptables

rejected
> packets, so it might just as well stay in exim. The rejects are logged

with
> the application in question and another couple of megabytes isn't going to

make
> much difference in 300+MB daily logs.
>
> Thanks for the info, everyone. It still seems like a rediculously

"expensive"
> way to harvest email addresses. oh well, learn something new every day!
>


Its expensive if they're trying to harvest *new* email addresses, however
it could also be an exercise in "data cleaning"... you can imagine the
advert:

    "New CDROM of <enter your own value> million email addresses -
     all current and verified for delivery..."


argh :-!


M