Author: W B Hacker Date: To: exim users Subject: Re: [exim] netzero forgeries?
Dean Brooks wrote:
> On Wed, Jun 07, 2006 at 11:10:42AM -0400, B. Cook wrote:
>
>
>>Is anyone else being bombarded by these?
>>
>>grep -c "H=(netzero.com)" /var/log/exim/mainlog
>>167232
>>
>>I have something like 35k uniq ips.. or am I the only lucky one today?
>
>
> Hmm, looks like there may be something going on, yeah.
>
> We've had 85,000 of those today since 4am. I checked back in our logs
> and it started about 3 days ago. Ever since then, we've been
> averaging about 100,000 per day.
>
> We had a few reports of other mail servers getting unusual levels
> of traffic today. I may check to see if its related...
>
> --
> Dean Brooks
> dean@???
>
Only 1174 over the past six months here, but most are very recent.
All were being ID'ed as invalid recipient, connection abandoned
by their zombies after a time in 'jail'.
We've dropped their helo into a local BL, so will now block at
HELO without wasting further connection time.