Autor: Adam Moffett Data: Dla: exim-users Temat: Re: [Exim] (no subject)
>... >
> I've seen this sort of thing before. Usually, I just find the IP block
>the sending servers are in, and put that in a host reject entry.
>
> For instance, flonetworks (a supposedly legitimate mass-mail company)
>used to have a bug in their custom written SMTP delivery software and it
>would get confused when reading certain responses from Exim. At that
>point flonetworks had between 10 servers sending e-mail, and each one
>would have 10 to 15 connections open. I just blocked their network, and
>complained to their upstream.
>
>Tom
Yeah, that would work for him if the connections all came from one
particular source, but these "optprofessionals.com" people use other
people's open relays to send their junk out.
Actually Dave, I get all sorts of connection attempts from those guys
too....but all the IP's I've bothered to check out seem to be open
mail relays. If they're relaying through someone else's machine,
they can't control what the HELO string is going to be. Or can they?
What are you looking at to see what their HELO message is?