Anyone else noticing more concurrent incoming SMTP connections in the last
couple of weeks?
Chances are it's a buggy botnet, and has been discussed in various places
including:
http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx
and I'm guessing is responsible for the recent "smtp_reserve_hosts" thread
on exim-users.
Suggestions seem to include lowering timeouts - which seems likely to
break legit things.
Perhaps it's time to switch our DNSBL etc tests from "deny" to "drop" mode.
Is there any obvious downside to this? Do most folk use drop already?
Thanks!
Chris
--
Chris Edwards, Glasgow University Computing Service
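
The deny-to-drop switch asked about above, shown as an added Exim ACL fragment that is not part of the original post. The list name `dnsbl.example.net` and the ACL name `acl_check_rcpt` are placeholders, and a real RCPT ACL would contain further statements around this one.

```exim
# Main configuration section: name the ACL that runs for each RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Before: "deny" answers the RCPT command with a 5xx response but leaves
  # the SMTP connection open. A client that never sends QUIT keeps holding
  # one of the smtp_accept_max slots until a timeout expires.
  #
  # deny    message  = rejected because $sender_host_address is in a black list at $dnslist_domain
  #         dnslists = dnsbl.example.net

  # After: "drop" behaves like "deny", except that Exim forcibly closes the
  # SMTP connection once the 5xx response has been sent, which frees the
  # slot immediately.
  drop    message  = rejected because $sender_host_address is in a black list at $dnslist_domain
          dnslists = dnsbl.example.net

  # Constructed placeholder so the fragment is a complete ACL; the site's
  # remaining recipient checks belong here.
  accept
```

Because `drop` ends the session, a host that is listed by mistake loses the whole connection rather than a single recipient and has to reconnect to try again.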