A large spike hit here Monday. Spool processing lagged about 1.5 hours,
then got worse late in the night to over 9,000 files in spool and a 5-hr
delay. Had to stop SMTP and clear the spool.
I've noticed numerous D/T pairs that appear in \spool and hang there for a
long time (10-15 mins), locked while SMTP is running. Right now it's 2:15
PM and there's a locked 1K T/D pair time-stamped 1:57 PM. Toggling SMTP
leaves them as orphans. A typical D is 1 KB in size and contains something
like this
Received: from acce.org [82.250.149.205] by wcnet.net
(SMTPD32-7.15) id A7977430256; Wed, 20 Sep 2006 12:17:11 -0500
The T is
QD:\IMAIL\spool\D7797074302566850.SMD
Hwcnet.net
WD:\IMAIL
E0,
S<[EMAIL PROTECTED]>
NRCPT TO:<[EMAIL PROTECTED]>
The NRCPT TO is a valid hosted mail domain but not a valid user. A few may
be to one or more valid users, and a few may have message content in the D
whether the user is valid or not. Is this a dictionary probe? What can be
done to defend against it?
G.Z.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.