You wouldn't believe it - I started getting the 29 email attempts, too - pretty much exactly the same way you described. Over the last couple of days, I have taken the opportunity to do some more research and experimentation on server-side spam fighting. I happen to run sendmail, and in that context I found a very nice site, which gives suggestions on configuring sendmail. I've implemented most of them, and have found that now a ton of spam gets blocked right at the server. It's pretty cool, since I didn't have to spend a penny on a commercial spam-fighting product.
http://www.sdsc.edu/%7Ejeff/spam/Fighting.html
At least some of the 29 e-mail attempts seem to originate from dialup addresses. And once I added the dialup addresses (as suggested in the above site) to my sendmail access file (with REJECT clause), it seems to have been able to catch those 29 address guessing attempts.
Best regards,
...Niels
Niels Voll wrote:
Yes, your argument makes sense to me, so that would make it more likely some sort of dictionary attack on email addresses in a server. I suspect that the number of attempts per day stays somewhat small to avoid easy detection by at least larger mail server administrators. It is just the small server installations where such things are easily noticed in the logs.
If you google "dictionary attack smtp [insert name of your smtp server here] spam" and similar words, you'll find all kinds of similar experiences, resource pages and such. I've just found one that I will have a closer look at:
http://www.geocities.com/spamresources/filter-server-addon.htm
cheers, ...Niels
bogi wrote:
Well,
There are many 29 email attempts from different sources. Each one of them attempts 29 emails and then disconnects. What is strange, as opposed to your theory, is the simple fact that none of these 29-email groups, from very different mailers, contain similar/repeated names. They are all different.
If many spammers were working off the same list, I would get the same names attempted over and over again, right? Well, I am not.
Cheers
Szemir
On January 4, 2004 15:52, Niels Voll wrote:
I see this on my server, too, although the numbers are slightly higher
for me. And yes, I have read somewhere, that e-mail guessing robots are
all the rage these days. However another explanation could be, that
people are buying spamming e-mail address lists with bogus (generated)
emails. So they might be attempted spams with these bogus mailing lists
as their source. There was a thing on slashdot on that just the other day.
I'm very interested in other people's experiences, too.
...Niels
bogi wrote:
Hi
I have noticed a strange trend in some of my servers' mail logfiles.
The phenomenon consists of 29 (exactly and every time) emails addressed to 29 different (nonexistent) usernames. Since I hardly have users on my system, these emails get bounced. The sender is always different, but the 29 email names never repeat, suggesting to me a distributed email-guessing attempt directed from a central name-list and performed by different end-users 29 names at a time.
So my question is: Is this something new, do any other sysadmins see this? And if it is not new, then what is it, and how to guard against it?
Cheers Szemir
_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
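One way to check a mail log for the pattern discussed in this thread (a burst of rejected recipients per connection, with names that never repeat across connections), as an added example that is not from any list member's post. The log lines are constructed and only modelled on sendmail's syslog format; the regexes, the sample hosts and the threshold of 20 are assumptions to adapt to your own logs.

```python
import re
from collections import defaultdict

# Assumed line shapes, modelled on sendmail syslog output; adjust for your MTA.
UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <([^>]+)>\.\.\. User unknown")
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=.*\[([0-9.]+)\]")

def make_sample():
    """Constructed log: two 29-name probe sessions plus one ordinary typo."""
    lines = []
    for s, ip in enumerate(["192.0.2.10", "198.51.100.7"]):
        qid = f"i04Mq{s:03d}"
        for n in range(29):
            lines.append(f"Jan  4 15:52:{n:02d} mail sendmail[100{s}]: {qid}: "
                         f"<name{s}x{n}@example.org>... User unknown")
        lines.append(f"Jan  4 15:53:00 mail sendmail[100{s}]: {qid}: "
                     f"from=<a@b.example>, size=0, nrcpts=0, proto=SMTP, "
                     f"relay=dialup{s}.example.net [{ip}]")
    lines.append("Jan  4 16:00:00 mail sendmail[2000]: i04Mq999: "
                 "<typo@example.org>... User unknown")
    lines.append("Jan  4 16:00:01 mail sendmail[2000]: i04Mq999: from=<c@d.example>, "
                 "size=0, nrcpts=0, proto=SMTP, relay=mx.example.com [203.0.113.5]")
    return lines

def find_probes(lines, threshold=20):
    """Return {queue_id: (relay_ip, rejected_names)} for sessions at or above threshold."""
    rcpts, relay = defaultdict(set), {}
    for line in lines:
        if m := UNKNOWN.search(line):
            rcpts[m.group(1)].add(m.group(2).lower())
        elif m := RELAY.search(line):
            relay[m.group(1)] = m.group(2)
    return {q: (relay.get(q, "unknown"), names)
            for q, names in rcpts.items() if len(names) >= threshold}

def shared_names(probes):
    """Names rejected in more than one flagged session (empty = disjoint slices)."""
    seen, dup = set(), set()
    for _, names in probes.values():
        dup |= seen & names
        seen |= names
    return dup

if __name__ == "__main__":
    probes = find_probes(make_sample())
    for qid, (ip, names) in sorted(probes.items()):
        print(f"{qid} relay={ip} unknown_recipients={len(names)}")
    print("names repeated across sessions:", sorted(shared_names(probes)))
```

An empty result from `shared_names` across many flagged sessions matches what bogi reports: each source works through its own slice of names rather than replaying one common list.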

