Hi Scott, I've noticed in the last day's a lot of Logfile-Entries like:
10:21 06:14 SMTPD(0456002E) [207.44.142.84] helo 1 10:21 06:14 SMTPD(0456002E) [207.44.142.84] mail from: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] 10:21 06:14 SMTPD(0456002E) [207.44.142.84] RCPT TO: <[EMAIL PROTECTED]> 10:21 06:14 SMTPD(0456002E) [207.44.142.84] ERR mail.zcom.it invalid user <[EMAIL PROTECTED] ...and so on (~200 addresses per domain) I think this is the best proof, that the message "because you opted in..." is nothing other that nonsense. In this test the spider has found only the info-Address, but I can immagine that a scan like this can find a lot more addresses if the users are english. I think it's only a question of time until this spider uses also localized user-names. Yesterday there was a dozen of scans all of them was .it-domains (italian) My question: is there nothing to do against this scans? Can Declude see the Imail-error-messages and create a temporary blocklist, or ist this a job for an external tool that checks regulary the SMTP-Logfile and writes the results for a specific time in the imail-ip-blocklist? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
