Re: [Exim] FYI address probe seen

トップ ページ
このメッセージを削除
このメッセージに返信
著者: John W Baxter
日付:  
To: exim-users
題目: Re: [Exim] FYI address probe seen
At 13:29 -0800 1/24/03, John W Baxter wrote:
>January 23 from 10:45 to 13:59 (USA Pacific time: 8 hours before GMT), we
>saw (after the fact, darn it) an address probe at work. A few thousand
>messages from
>ip-pa-jtown-24-158-241-042.charterpa.com ([24.158.241.42....
>(which Arin says is assigned to Charter Communications is what appears to
>be Johnstown (Jamestown?) PA, USA) [JNSTN-PA] (No connections with same
>envelope sender/recipient pattern from elsewhere.)



They're back, this time from 24.158.245.8.  And a different envelope sender
local part pattern (sample):
    okaaaa:rp
Exim logs the : as a syntax error.  This one slowed our mail system enough
that it triggered an alert from our round trip mail monitor, letting me see
it in action.  Same netblock as before.  Sigh.


--John

--
John Baxter   jwblist@???      Port Ludlow, WA, USA