Re: [Exim] FYI address probe seen

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJohn W Baxter at <-
MTony Earnshaw at ->
Delete this message
Reply to this message
Author: John W Baxter
Date:  
To: exim-users
Subject: Re: [Exim] FYI address probe seen
At 13:29 -0800 1/24/03, John W Baxter wrote:
>January 23 from 10:45 to 13:59 (USA Pacific time: 8 hours before GMT), we
>saw (after the fact, darn it) an address probe at work. A few thousand
>messages from
>ip-pa-jtown-24-158-241-042.charterpa.com ([24.158.241.42....
>(which Arin says is assigned to Charter Communications is what appears to
>be Johnstown (Jamestown?) PA, USA) [JNSTN-PA] (No connections with same
>envelope sender/recipient pattern from elsewhere.) 


They're back, this time from 24.158.245.8.  And a different envelope sender
local part pattern (sample):
    okaaaa:rp
Exim logs the : as a syntax error.  This one slowed our mail system enough
that it triggered an alert from our round trip mail monitor, letting me see
it in action.  Same netblock as before.  Sigh.


--John 

--
John Baxter   jwblist@???      Port Ludlow, WA, USA




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Error message when unrouteable adress[Exim] 4.12 smtp transport segfaults, newbie begs for help->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)