To begin with, it looks like the sender is forging the HELO. 61.91.163.210 -> gb.jb.163.210.revip.asianet.co.th
mail.epost.no -> 213.188.131.34 Just block 61.91.163.0/24 Jeff Hitchcock - [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steinar Rasch Sent: Monday, February 06, 2006 6:26 PM To: [email protected] Subject: RE: [IMail Forum] Hard to block bad source Does anyone know have to block incomming mails like theese? 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] HELO mail.epost.no 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] MAIL FROM: <[EMAIL PROTECTED]> 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] RCPT TO: <[EMAIL PROTECTED]> 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] D:\IMail\spool\Dd3e2023100000037.SMD 566 02:06 23:55 SMTPD(d3e2023100000037) performing antispam checks They keep on coming... And every mail has a different IP-address aswell as a different and bogus [EMAIL PROTECTED] address. I use v8.22 and Declude Pro 3.0.5.23, but I cannot find any settings for stopping theese mails. Regards, Steinar -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: 6. februar 2006 22:40 To: [email protected] Subject: RE: [IMail Forum] Hard to block bad source He does not know what he means. John T eServices For You "Seek, and ye shall find!" > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Imail_Forum- > [EMAIL PROTECTED] On Behalf Of Steinar Rasch > Sent: Monday, February 06, 2006 1:03 PM > To: [email protected] > Subject: RE: [IMail Forum] Hard to block bad source > > Hi! > > What do you mean by: > > Why not block the port at the nic interface? > > Regards, > Steinar > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Richard > Bowman > Sent: 6. februar 2006 20:32 > To: [email protected] > Subject: RE: [IMail Forum] Hard to block bad source > > Why not block the port at the nic interface? > > Richard > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom > Sent: Monday, February 06, 2006 2:18 PM > To: [email protected] > Subject: [IMail Forum] Hard to block bad source > > > Is there a way to block the trouble IP(s) automatically other than manually > entering into the iMail Admin's Control List? > > There are a few (invalid) addresses being targeted that we got log > lines as > below. The source apparently changed its IP every time. Any suggestion? > > Tom > > --- > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) [LAN_IP] connect > 84.190.104.64 port 1926 > 20060202 010452 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > EHLO w0op48.eeuyo6oe.comcast.net > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010453 127.0.0.1 SMTPD (cb34013000000c68) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010457 127.0.0.1 SMTPD (cb39015400000c69) [LAN_IP] connect > LAN_IP port 1396 > 20060202 010554 127.0.0.1 SMTPD (cb72014e00000c6a) [LAN_IP] connect > 84.190.104.64 port 2394 > 20060202 010555 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > EHLO OLIVER > 20060202 010559 127.0.0.1 SMTPD (cb77014600000c6b) [LAN_IP] connect > LAN_IP port 1404 > 20060202 010559 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010600 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) [84.190.104.64] > C:\IMail\spool\Dcb72014e00000c6a.SMD 2317 > 20060202 010601 127.0.0.1 SMTPD (cb72014e00000c6a) performing antispam > checks > 20060202 010607 127.0.0.1 SMTPD (cb72014e00000c6a) taking spf action: > XHEADER > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010608 127.0.0.1 SMTPD (cb7f014e00000c6c) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010608 127.0.0.1 SMTPD (cb80013000000c6d) [LAN_IP] connect > 84.190.104.64 port 2508 > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > EHLO a7wgvfqz.uciiceai.cox.net > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010609 127.0.0.1 SMTPD (cb80013000000c6d) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) [LAN_IP] connect > 84.190.104.64 port 2572 > 20060202 010619 127.0.0.1 SMTPD (cb8b015400000c6e) [84.190.104.64] > EHLO e2s7i.heq4yb.aol.com > 20060202 010620 127.0.0.1 SMTPD (cb8b015400000c6e) [84.190.104.64] > unacceptable mail address in MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [LAN_IP] connect > 84.190.104.64 port 2673 > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > EHLO OLIVER > 20060202 010630 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010631 127.0.0.1 SMTPD (cb96014600000c6f) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) [LAN_IP] connect > 84.190.104.64 port 2761 > 20060202 010641 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > EHLO OLIVER > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010642 127.0.0.1 SMTPD (cba1014e00000c70) [84.190.104.64] Max > Invalid RCPTs Exceeded > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) [LAN_IP] connect > 84.190.104.64 port 2835 > 20060202 010652 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > EHLO OLIVER.augv.net > 20060202 010654 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > MAIL FROM: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] > RCPT TO: <[EMAIL PROTECTED]> > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] ERR > mail.neptunefoods.com invalid user <[EMAIL PROTECTED] > 20060202 010655 127.0.0.1 SMTPD (cbac013000000c71) [84.190.104.64] Max > Invalid RCPTs Exceeded > > ________________________________________________________________ > Sent via the WebMail system at neptunefoods.com > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > Denne emailen er skannet og funnet fri for virus > > > Denne emailen er skannet og funnet fri for virus > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ Denne emailen er skannet og funnet fri for virus Denne emailen er skannet og funnet fri for virus To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
