On Wed, 2002-10-30 at 03:25, Paul Wilson wrote:
> On Tue, 29 Oct 2002, Chris Knipe wrote:
> > 2002-10-29 07:37:45 rejected HELO from [61.72.146.115]: syntactically
> > invalid argument(s): \300\374\305\302\301\370
>
> That's a Korean IP. They're sending an upper-ASCII string as the HELO.
> It's not a DoS. Most likely some Korean open relay.
Or more likely to be a direct spam source - there are a lot of Korean
spammers out there doing direct to MX spam and/or abusing open relays
and proxies (both local proxies and proxies elsewhere - say stateside).
If you see a Korean IP without rDNS connecting to you to deliver direct
to MX spam, that doesn't look like an ISP smarthost, block the /24 and
see who complains. That is of course assuming you don't want to use
something like korea.services.net :)
> > 2002-10-28 02:36:19 recipient <SAVAGE@???> refused from
> > (om40.yourmailsource.com) [216.177.60.45]
> > sender=<NOLIST-1064843966-5933-SAVAGE**SAVAGE*ZA*ORG@???>
> > (failed to find host name from IP address)
> > What causes this?? Failed to find host name from IP Address? Is it missing
> > reverse DNS?
> Exactly.
Oh, and block yourmailsource.com at your earliest convenience :)
-suresh
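
An added example, not part of the original thread: a small log triage script that decodes the octal-escaped HELO argument back into the bytes the client sent and groups both rejection types by /24. The log lines are rejoined (and the second abridged) from the wrapped quotes above, and the function names and reason labels are hypothetical.

```python
import re

# Constructed sample: the two log entries quoted in the thread, rejoined
# from their wrapped form (sender field of the second omitted).
SAMPLE_LOG = [
    r"2002-10-29 07:37:45 rejected HELO from [61.72.146.115]: "
    r"syntactically invalid argument(s): \300\374\305\302\301\370",
    "2002-10-28 02:36:19 recipient <SAVAGE@???> refused from "
    "(om40.yourmailsource.com) [216.177.60.45] "
    "(failed to find host name from IP address)",
]

HELO_RE = re.compile(r"rejected HELO from \[([\d.]+)\]: "
                     r"syntactically invalid argument\(s\): (.*)$")
NO_RDNS_RE = re.compile(
    r"\[([\d.]+)\].*\(failed to find host name from IP address\)")
OCTAL_RE = re.compile(rb"\\([0-3][0-7]{2})")

def unescape(arg):
    """Turn the log's \\ooo octal escapes back into the raw bytes received."""
    return OCTAL_RE.sub(lambda m: bytes([int(m.group(1), 8)]),
                        arg.encode("latin-1"))

def classify(line):
    """Return (ip, reason, hex_of_helo) for either rejection type, else None."""
    m = HELO_RE.search(line)
    if m:
        raw = unescape(m.group(2))
        # Any byte >= 0x80 cannot appear in a valid HELO domain argument.
        high = sum(b >= 0x80 for b in raw)
        return m.group(1), "helo-8bit" if high else "helo-syntax", raw.hex()
    m = NO_RDNS_RE.search(line)
    if m:
        return m.group(1), "no-rdns", ""
    return None

def summarize(lines):
    """Group hits by /24, the block size suggested in the reply above."""
    nets = {}
    for ip, reason, _ in filter(None, map(classify, lines)):
        net = ip.rsplit(".", 1)[0] + ".0/24"
        nets.setdefault(net, []).append(reason)
    return nets

if __name__ == "__main__":
    for net, reasons in summarize(SAMPLE_LOG).items():
        print(net, reasons)
```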