Author: Chris Knipe
Date:
To: exim-users
Subject: Re: [Exim] Two questions on reject log...
> On Wed, 2002-10-30 at 03:25, Paul Wilson wrote:
> > On Tue, 29 Oct 2002, Chris Knipe wrote:
> > > 2002-10-29 07:37:45 rejected HELO from [61.72.146.115]: syntactically
> > > invalid argument(s): \300\374\305\302\301\370
> >
> > That's a Korean IP. They're sending an upper-ASCII string as the HELO.
> > It's not a DoS. Most likely some Korean open relay.
>
> Or more likely to be a direct spam source - there are a lot of Korean
> spammers out there doing direct to MX spam and/or abusing open relays
> and proxies (both local proxies and proxies elsewhere - say stateside)
>
> If you see a Korean IP without rDNS connecting to you to deliver direct
> to MX spam, that doesn't look like an ISP smarthost, block the /24 and
> see who complains. That is of course assuming you don't want to use
> something like korea.services.net :)
*nod* Will keep it in mind for future reference. I get about +- 5 of these
from various sources per day...
> > > 2002-10-28 02:36:19 recipient <SAVAGE@???> refused from
> > > (om40.yourmailsource.com) [216.177.60.45]
> > > sender=<NOLIST-1064843966-5933-SAVAGE**SAVAGE*ZA*ORG@???>
> > > (failed to find host name from IP address)
> > >
> > > What causes this?? Failed to find host name from IP Address? Is it missing
> > > reverse DNS?
> >
> > Exactly.
>
> Oh, and block yourmailsource.com at your earliest convenience :)
Oh, been there done that, HOURS before posting this ;-) Funny, most spam is
sent in capital letters for the addresses... hehe
This was more towards an "informational" question really... Just wanted to
make sure I understand things properly, which I seem to be...
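
The two reject-log entry types discussed in this thread can be tallied per /24 with a short script. This is an added example, not part of the original post and not Exim code. The names `triage` and `decode_octal` and the reason labels are assumptions made for the example, and all sample lines except the first are constructed.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Line 1 is the entry quoted in the thread, rejoined onto one line. Lines 2-4
# are constructed for this example (documentation addresses, made-up names).
SAMPLE_LOG = r"""
2002-10-29 07:37:45 rejected HELO from [61.72.146.115]: syntactically invalid argument(s): \300\374\305\302\301\370
2002-10-29 08:01:02 rejected HELO from [192.0.2.17]: syntactically invalid argument(s): \300\374
2002-10-29 08:05:40 rejected HELO from [192.0.2.99]: syntactically invalid argument(s): my_host!
2002-10-29 09:12:13 recipient <user@example.test> refused from (mail.example.test) [192.0.2.45] sender=<bounce@example.test> (failed to find host name from IP address)
"""

HELO_RE = re.compile(r"rejected HELO from \[([\d.]+)\]: "
                     r"syntactically invalid argument\(s\): (.*)$")
NO_RDNS_RE = re.compile(r"\[([\d.]+)\].*\(failed to find host name from IP address\)")
OCTAL_RE = re.compile(r"\\([0-3][0-7]{2})")


def decode_octal(arg):
    """Turn the \\ooo escapes seen in the log back into the raw bytes sent."""
    text = OCTAL_RE.sub(lambda m: chr(int(m.group(1), 8)), arg)
    return text.encode("latin-1", errors="replace")


def triage(log_text):
    """Return ({/24: Counter(reason)}, [(ip, raw HELO bytes)])."""
    per_net = defaultdict(Counter)
    helos = []
    for line in log_text.splitlines():
        helo = HELO_RE.search(line)
        rdns = NO_RDNS_RE.search(line)
        if helo:
            ip, raw = helo.group(1), decode_octal(helo.group(2))
            # "helo-8bit": every byte has the high bit set, as in the quoted entry
            reason = "helo-8bit" if raw and min(raw) >= 0x80 else "helo-other"
            helos.append((ip, raw))
        elif rdns:
            ip, reason = rdns.group(1), "no-rdns"
        else:
            continue
        per_net[str(ip_network(ip + "/24", strict=False))][reason] += 1
    return per_net, helos


if __name__ == "__main__":
    nets, helos = triage(SAMPLE_LOG)
    for net, reasons in sorted(nets.items()):
        print(net, dict(reasons))
```

A /24 that shows up under several reasons is a candidate for the kind of block suggested in the thread; the decoded HELO bytes are kept raw because the log does not say which character set the sender used.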