> Quoting Derrick 'dman' Hudson <dsh8290@???>:
>
> >
> > If you want to prevent your exim log from filling up and prevent exim
> > from using system resources on this attack, just drop all their
> > packets at the IP level (eg using iptables or ipchains).
> >
>
> good point! However, I'm the curious sort and I'd log the iptables
rejected
> packets, so it might just as well stay in exim. The rejects are logged
with
> the application in question and another couple of megabytes isn't going to
make
> much difference in 300+MB daily logs.
>
> Thanks for the info, everyone. It still seems like a rediculously
"expensive"
> way to harvest email addresses. oh well, learn something new every day!
>
Its expensive if they're trying to harvest *new* email addresses, however
it could also be an exercise in "data cleaning"... you can imagine the
advert:
"New CDROM of <enter your own value> million email addresses -
all current and verified for delivery..."
argh :-!
M
