I sit and watch the /var/log/exim4/mainlog today and it is full, and I
mean FULL of messages like these:
2004-12-14 12:04:28 1Ce1nJ-0002gD-5M == b12130528@??? R=dnslookup_relay_to_domains T=remote_smtp defer (-53): retry time not reached for any host
2004-12-14 12:04:28 1CdwSM-0005g7-Q9 Message is frozen
2004-12-14 12:04:28 1Ce69H-0003CH-5W Message is frozen
2004-12-14 12:04:28 1Ce8Yo-0007dy-Gc Message is frozen
2004-12-14 12:04:28 1CeF9c-0007Kw-Qg Message is frozen
2004-12-14 12:04:28 1CdawL-0008LS-Ks Message is frozen
2004-12-14 12:04:28 1CdawT-0008NF-6n Message is frozen
2004-12-14 12:04:28 1CdhsU-0000IN-08 Message is frozen
2004-12-14 12:04:28 1Ce2ZC-0007Pp-14 Message is frozen
2004-12-14 12:04:28 1Cdybx-0002ra-C8 == n12130407@??? R=dnslookup_relay_to_domains T=remote_smtp defer (-53): retry time not reached for any host
2004-12-14 12:04:28 1CdZLK-0003Lq-Vh Message is frozen
2004-12-14 12:04:28 1CdaWp-0007AJ-Q1 Message is frozen
2004-12-14 12:04:28 1Cdwxm-0007az-3c Message is frozen
2004-12-14 12:04:28 1Cdit3-0007Z7-OB Message is frozen
2004-12-14 12:04:28 1CdaX4-0007O7-1A Message is frozen
2004-12-14 12:04:28 1Ce1Dm-0001eN-SX Message is frozen
2004-12-14 12:04:28 1Ce1yl-0003KY-Et Message is frozen
2004-12-14 12:04:28 1CdYbg-0000Ah-Jk Message is frozen
2004-12-14 12:04:28 1Cd1GR-0005Rv-U5 == j12071758@??? R=dnslookup_relay_to_domains T=remote_smtp defer (-53): retry time not reached for any host
2004-12-14 12:04:28 1Ce21Z-0003kd-VH Message is frozen
2004-12-14 12:04:28 1CdaFe-0003lW-4d Message is frozen
2004-12-14 12:04:28 1CdZLM-0003MA-5U Message is frozen
2004-12-14 12:04:34 1CeFWO-0000Mi-VY SMTP error from remote mailer after MAIL FROM:<> SIZE=3007: host mx.east.cox.net [68.1.17.3]: 452 Message rejected
2004-12-14 12:04:39 1CeFWO-0000Mi-VY == evocablehound@??? R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mailer after MAIL FROM:<> SIZE=3007: host mx.west.cox.net [68.6.19.3]: 452 Message rejected
2004-12-14 12:04:39 1CdkAv-0002ob-CE Message is frozen
...And the messages pour in by the hundreds each minute. Thousands and
thousands of strange email addresses appear that look very suspicious...
...the list goes on and on and on and on.
Are people trying to send seriously huge amounts of spam through my
server? I've installed spampd and SpamAssassin. I'm running bastille,
snort, psad, samhain, portsentry, clamav, tripwire, chkrootkit, all
kinds of security tools. What is going on?
--
Tommy Butler
tommy@??? <mailto:tommy@atrixnet.com>
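
Added example, not part of the original post: a small triage script for mainlog entries of the kinds quoted above, counting distinct frozen messages, defer codes, and messages sent with the empty envelope sender (MAIL FROM:<>, which marks a bounce). The sample lines, message IDs, addresses and hosts are constructed, and the script assumes one entry per line as in the real log file rather than the wrapped form shown in the mail.

```python
import re
from collections import Counter

# One mainlog entry per line: timestamp, Exim message ID, then the event text.
LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
                  r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")
DEFER = re.compile(r"defer \((-?\d+)\)")
MAILFROM = re.compile(r"after MAIL FROM:<([^>]*)>.*?host (\S+) \[")

# Constructed sample (IDs, addresses and hosts are made up), unwrapped.
SAMPLE = "\n".join([
    "2004-12-14 12:04:28 1AAAAA-000001-AA == a1@example.org R=dnslookup_relay_to_domains T=remote_smtp defer (-53): retry time not reached for any host",
    "2004-12-14 12:04:28 1AAAAB-000002-AB Message is frozen",
    "2004-12-14 12:04:28 1AAAAC-000003-AC Message is frozen",
    "2004-12-14 12:04:34 1AAAAD-000004-AD SMTP error from remote mailer after MAIL FROM:<> SIZE=3007: host mx.example.net [192.0.2.1]: 452 Message rejected",
    "2004-12-14 12:04:39 1AAAAD-000004-AD == b2@example.org R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mailer after MAIL FROM:<> SIZE=3007: host mx2.example.net [192.0.2.2]: 452 Message rejected",
    "2004-12-14 12:34:28 1AAAAB-000002-AB Message is frozen",
])

def summarize(log_text):
    """Count frozen messages, defer codes and null-sender (bounce) traffic."""
    frozen, null_sender = set(), set()
    defer_codes, hosts = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped fragment or a line without a message ID
        msg_id, event = m.groups()
        if event == "Message is frozen":
            frozen.add(msg_id)  # the same ID is logged again on later queue runs
        elif event.startswith("== "):
            d = DEFER.search(event)
            if d:
                defer_codes[int(d.group(1))] += 1
        s = MAILFROM.search(event)
        if s:
            if s.group(1) == "":
                null_sender.add(msg_id)  # empty envelope sender: a bounce (DSN)
            hosts[s.group(2)] += 1
    return {"frozen": len(frozen), "null_sender": len(null_sender),
            "defer_codes": dict(defer_codes), "rejecting_hosts": dict(hosts)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the real file by passing its contents to summarize(), for example open("/var/log/exim4/mainlog").read().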