John W. Baxter wrote: > On 10/18/06 8:51 AM, "W B Hacker" <[EMAIL PROTECTED]> wrote: > > >>If 'random' was once a good idea, it sure seems less so when dictionary >>attacks >>abound. > > > On the other hand, the Exim-generated "random" address (really a pattern > with a random component) could be tested for and not treated as unfriendly, > without any significant failure to detect dictionary attacks. > > If you choose to, of course. > > --John (who doesn't do callouts) >
Thanks for that! Confirmed that it is now in use as a server-harvesting tool, at least by a few. I have found 37 over a 12-month period, not quite evenly distributed, but typically 3 a month. Not worth adding a parser for. In any case, most hits (though fewer unique IP's) were from servers also turning up in various RBL's. The only other 'legit' hit besides Renee's that was apparent was Odhiambo Washington's server. The others are nearly all from servers we have no record of traffic to/from during the year examined, (so why probe our server?) and nearly all on .ua or .ru .tld's. Checking a newer log, for a period where we were *may* drop early on rDNS fail & dynamic-IP (and/or the DynDNS style domains), shows just ONE new hit in a litle over a month, so 'probes' they are, in our view - not callouts related to verifying any actual traffic. A devel/R&D box that rigourously drops on rDNS fail / dynamic-IP has *zero* hits over 13 months. Now and then a turkey may wander in amongst the ducks, but they both roast nicely. ;-) Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
