Re: [Exim] Two questions on reject log...

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Chris Knipe
Data:  
Para: exim-users
Asunto: Re: [Exim] Two questions on reject log...
> On Wed, 2002-10-30 at 03:25, Paul Wilson wrote:
> > On Tue, 29 Oct 2002, Chris Knipe wrote:
> > > 2002-10-29 07:37:45 rejected HELO from [61.72.146.115]: syntactically
> > > invalid argument(s): \300\374\305\302\301\370
> >
> > That's a Korean IP. They're sending an upper-ASCII string as the HELO.
> > It's not a DoS. Most likely some Korean open relay.
>
> Or more likely to be a direct spam source - there are a lot of Korean
> spammers out there doing direct to MX spam and/or abusing open relays
> and proxies (both local proxies and proxies elsewhere - say stateside)
>
> If you see a Korean IP without rDNS connecting to you to deliver direct
> to MX spam, that doesn't look like an ISP smarthost, block the /24 and
> see who complains. That is of course assuming you don't want to use
> something like korea.services.net :)


*nod* Will keep it in mind for future reference. I get about +- 5 of these
from various sources per day...


> > > 2002-10-28 02:36:19 recipient <SAVAGE@???> refused from
> > > (om40.yourmailsource.com) [216.177.60.45]
> > >

sender=<NOLIST-1064843966-5933-SAVAGE**SAVAGE*ZA*ORG@???
> > > > (failed to find host name from IP address)
> > > What causes this?? Failed to find host name from IP Address? Is it

missing
> > > reverse DNS?
> > Exactly.
>
> Oh, and block yourmailsource.com at your earliest convenience :)


Oh, been there done that, HOURS before posting this ;-) Funny, most spam is
sent in capital letters for the addresses... hehe

This was more towards a "informational" question really... Just wanted to
make sure I understand things properly, which I seem to be...

Thanks for the info everyone!

--
me