Re: [exim] netzero forgeries?

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] netzero forgeries?
Dean Brooks wrote:

> On Wed, Jun 07, 2006 at 11:10:42AM -0400, B. Cook wrote:
>
>
>>Is anyone else being bombarded by these?
>>
>>grep -c "H=(netzero.com)" /var/log/exim/mainlog
>>167232
>>
>>I have something like 35k uniq ips.. or am I the only lucky one today?
>
>
> Hmm, looks like there may be something going on, yeah.
>
> We've had 85,000 of those today since 4am. I checked back in our logs
> and it started about 3 days ago. Ever since then, we've been
> averaging about 100,000 per day.
>
> We had a few reports of other mail servers getting unusual levels
> of traffic today. I may check to see if its related...
>
> --
> Dean Brooks
> dean@???
>


Only 1174 over the past six months here, but most are very recent.

All were being ID'ed as invalid recipient, connection abandoned
by their zombies after a time in 'jail'.

We've dropped their helo into a local BL, so will now block at
HELO without wasting further connection time.

Thanks for the 'heads up'.

Bill Hacker