Re: [exim] Weird RCPT TO address

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MWakko Warner at <-
MJonathan Gonzalez at ->
Delete this message
Reply to this message
Author: Exim User's Mailing List
Date:  
To: Exim User's Mailing List
Subject: Re: [exim] Weird RCPT TO address
Wakko Warner wrote:
> Mark Smith wrote:
>>>Subject: [exim] Weird RCPT TO address
>>>
>>>a1aaa1azzzz1zaaaaa@<local domain>
>>>
>>>Anyone else seeing this?
>>
>>Yes, coming from a variety of zombies.
>
>
> I just recently started seeing this. Wondering if this was due to spammers
> trying to exploit servers that accept/bounce.
>

Probably. Default exchange(2k) behaviour is to still accept the mail and then
bounce it if it can't deliver it anywhere. I've had hits on a number of servers..

2005-07-27 15:43:04 H=(200-101-188-071.cbrbr200.dial.brasiltelecom.net.br)
[200.101.188.71] F=<ceosg@???> rejected RCPT
<a1aaa1azzzz1zaaaaa@???>: Unknown user

Also the exact same local part so they're all going to be from the one bot net.

Ted.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Weird RCPT TO addressRe: [exim] ldaps: different behaviour daemon vs -bt->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)