Michael Einem wrote:
Hi all,
for some days now my server is under what I think is a dictionary attack. Someone is trying to send mail to [EMAIL PROTECTED] from apparently different IP sources every few minutes. Is there a way to activate the teergrube or tell esmtpd to ignore (not answer or delay) calls to unknown users at this domain?
The teergrube kicks in for any 5xx, so that base should be covered already. Do a telnet <yourip> 25 and replay the transaction. You can see the teergrube kicking in.
Why are they doing this? Is this a header overflow attack or mere harvesting? Should I brace the server somehow against this thing?
Header overflow seems out. Maybe do a tcpdump (use ethereal if possible) to see if the conversation is strange in any other way than you are seeing already.
Other than that? I don't see any point. The only explanation I can come up with is that someone did not even go through the trouble of harvesting a list, but generated one and sold it as an "opt-in golden really verified" list to some other spammer.
HTH, M4
------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
