It seems that there's no easy solution to really block the problem source.
(How did he do that? IP forging?)  Looking at the IPs in the log, almost all
of them originated from Europe (especially from Eastern Europe).  Does
anyone still have the big IP list posted a while ago?  (Sorry, I did not find it
in the archive yet... taking a shortcut :)  Thanks.

Tom
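
Added example (not part of the original thread, and not IMail or Declude code): a Python script that tallies invalid-recipient rejections per source IP from SMTPD log lines in the layout of the log quoted at the bottom of this thread, and reports when the rejections are spread across several sources rather than one. The sample log lines, addresses, thresholds and the function name `summarize` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the SMTPD log layout quoted in this thread
# (date, time, host, service, session id, [peer IP], message).
SAMPLE_LOG = """\
20060202 010452 127.0.0.1       SMTPD (aa01) [192.0.2.10] EHLO host1.example.net
20060202 010453 127.0.0.1       SMTPD (aa01) [192.0.2.10] ERR mail.example.com invalid user <bob@example.com>
20060202 010453 127.0.0.1       SMTPD (aa01) [192.0.2.10] ERR mail.example.com invalid user <sue@example.com>
20060202 010453 127.0.0.1       SMTPD (aa01) [192.0.2.10] Max Invalid RCPTs Exceeded
20060202 010501 127.0.0.1       SMTPD (aa02) [198.51.100.7] ERR mail.example.com invalid user <bob@example.com>
20060202 010502 127.0.0.1       SMTPD (aa03) [203.0.113.99] ERR mail.example.com invalid user <ann@example.com>
20060202 010503 127.0.0.1       SMTPD (aa04) [203.0.113.5] RCPT TO: <real@example.com>
20060202 010504 127.0.0.1       SMTPD (aa05) [192.0.2.10] ERR mail.example.com invalid user <joe@example.com>
"""

# One SMTPD entry that carries a peer IP in brackets; other lines are skipped.
LINE = re.compile(r"^\d{8} \d{6} \S+\s+SMTPD \(\w+\) \[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] (?P<msg>.*)$")
# The closing '>' is optional because archived log lines are sometimes cut short.
INVALID = re.compile(r"^ERR \S+ invalid user <([^>]*)>?")

def summarize(log_text, per_ip_limit=3, distributed_min_sources=3):
    """Count invalid-recipient rejections per source IP and per guessed address."""
    hits = defaultdict(int)      # source IP -> number of invalid-user rejections
    maxed = set()                # source IPs that hit "Max Invalid RCPTs Exceeded"
    sources = defaultdict(set)   # guessed address -> source IPs that tried it
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue             # wrapped, local or unrelated line
        ip, msg = m.group("ip"), m.group("msg")
        bad = INVALID.match(msg)
        if bad:
            hits[ip] += 1
            sources[bad.group(1).lower()].add(ip)
        elif msg.startswith("Max Invalid RCPTs Exceeded"):
            maxed.add(ip)
    block = sorted(ip for ip, n in hits.items() if n >= per_ip_limit or ip in maxed)
    return {
        "block_candidates": block,            # worth a per-IP control-list entry
        "invalid_by_ip": dict(hits),
        "distributed": len(hits) >= distributed_min_sources,
        "shared_targets": sorted(a for a, ips in sources.items() if len(ips) > 1),
    }
```

On the sample, only one address crosses the per-IP threshold while three distinct sources produce rejections, which is the pattern that makes per-IP blocking slow to catch up.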

---------- Original Message ----------------------------------
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
Reply-To: [email protected]
Date:  Mon, 6 Feb 2006 16:45:16 -0800

Say it with me people.

Distributed dictionary attack. Sit back, hold on, and wait for it to end.



Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Steinar Rasch
> Sent: Monday, February 06, 2006 4:27 PM
> To: [email protected]
> Subject: RE: [IMail Forum] Hard to block bad source
>
>
> Hi!
>
> Sometimes the user exists on the server.
>
> Other times there will be an invalid user entry in the log.
>
> The server is set to No Mail relay.
>
>
> Regards,
> Steinar
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: 7 February 2006 01:07
> To: [email protected]
> Subject: RE: [IMail Forum] Hard to block bad source
>
> Is the RCPT TO address a real address on your server?
>
> If not, you are relaying.
>
> John T
> eServices For You
>
> "Seek, and ye shall find!"
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> > [EMAIL PROTECTED] On Behalf Of Steinar Rasch
> > Sent: Monday, February 06, 2006 3:26 PM
> > To: [email protected]
> > Subject: RE: [IMail Forum] Hard to block bad source
> >
> > Does anyone know how to block incoming mails like these?
> >
> > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] HELO mail.epost.no
> > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] MAIL FROM: <[EMAIL PROTECTED]>
> > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] RCPT TO: <[EMAIL PROTECTED]>
> > 02:06 23:55 SMTPD(d3e2023100000037) [61.91.163.210] D:\IMail\spool\Dd3e2023100000037.SMD 566
> > 02:06 23:55 SMTPD(d3e2023100000037) performing antispam checks
> >
> > They keep on coming...
> >
> > And every mail has a different IP address as well as a different and
> > bogus [EMAIL PROTECTED] address.
> >
> > I use v8.22 and Declude Pro 3.0.5.23, but I cannot find any settings
> > for stopping these mails.
> >
> >
> > Regards,
> > Steinar
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John T
> > (Lists)
> > Sent: 6 February 2006 22:40
> > To: [email protected]
> > Subject: RE: [IMail Forum] Hard to block bad source
> >
> > He does not know what he means.
> >
> > John T
> > eServices For You
> >
> > "Seek, and ye shall find!"
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> > > [EMAIL PROTECTED] On Behalf Of Steinar Rasch
> > > Sent: Monday, February 06, 2006 1:03 PM
> > > To: [email protected]
> > > Subject: RE: [IMail Forum] Hard to block bad source
> > >
> > > Hi!
> > >
> > > What do you mean by:
> > >
> > > Why not block the port at the nic interface?
> > >
> > > Regards,
> > > Steinar
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Richard
> > > Bowman
> > > > Sent: 6 February 2006 20:32
> > > To: [email protected]
> > > Subject: RE: [IMail Forum] Hard to block bad source
> > >
> > > Why not block the port at the nic interface?
> > >
> > > Richard
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Tom
> > > Sent: Monday, February 06, 2006 2:18 PM
> > > To: [email protected]
> > > Subject: [IMail Forum] Hard to block bad source
> > >
> > >
> > > > Is there a way to block the trouble IP(s) automatically other than manually
> > > > entering into the iMail Admin's Control List?
> > > >
> > > > There are a few (invalid) addresses being targeted that we got log lines as
> > > > below.  The source apparently changed its IP every time.  Any suggestion?
> > >
> > > Tom
> > >
> > > ---
> > > 20060202 010452 127.0.0.1       SMTPD (cb34013000000c68) [LAN_IP]
> connect
> > > 84.190.104.64 port 1926
> > > 20060202 010452 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > > EHLO w0op48.eeuyo6oe.comcast.net
> > > 20060202 010453 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010453 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010453 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010453 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010453 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010453 127.0.0.1       SMTPD (cb34013000000c68)
> [84.190.104.64]
> > Max
> > > Invalid RCPTs Exceeded
> > > 20060202 010457 127.0.0.1       SMTPD (cb39015400000c69) [LAN_IP]
> connect
> > > LAN_IP port 1396
> > > 20060202 010554 127.0.0.1       SMTPD (cb72014e00000c6a) [LAN_IP]
> connect
> > > 84.190.104.64 port 2394
> > > 20060202 010555 127.0.0.1       SMTPD (cb72014e00000c6a)
> [84.190.104.64]
> > > EHLO OLIVER
> > > 20060202 010559 127.0.0.1       SMTPD (cb77014600000c6b) [LAN_IP]
> connect
> > > LAN_IP port 1404
> > > 20060202 010559 127.0.0.1       SMTPD (cb72014e00000c6a)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010600 127.0.0.1       SMTPD (cb72014e00000c6a)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010601 127.0.0.1       SMTPD (cb72014e00000c6a)
> [84.190.104.64]
> > > C:\IMail\spool\Dcb72014e00000c6a.SMD 2317
> > > 20060202 010601 127.0.0.1       SMTPD (cb72014e00000c6a) performing
> > antispam
> > > checks
> > > 20060202 010607 127.0.0.1       SMTPD (cb72014e00000c6a) taking spf
> > action:
> > > XHEADER
> > > 20060202 010608 127.0.0.1       SMTPD (cb7f014e00000c6c)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010608 127.0.0.1       SMTPD (cb7f014e00000c6c)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010608 127.0.0.1       SMTPD (cb7f014e00000c6c)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010608 127.0.0.1       SMTPD (cb7f014e00000c6c)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010608 127.0.0.1       SMTPD (cb7f014e00000c6c)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010608 127.0.0.1       SMTPD (cb7f014e00000c6c)
> [84.190.104.64]
> > Max
> > > Invalid RCPTs Exceeded
> > > 20060202 010608 127.0.0.1       SMTPD (cb80013000000c6d) [LAN_IP]
> connect
> > > 84.190.104.64 port 2508
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > > EHLO a7wgvfqz.uciiceai.cox.net
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010609 127.0.0.1       SMTPD (cb80013000000c6d)
> [84.190.104.64]
> > Max
> > > Invalid RCPTs Exceeded
> > > 20060202 010619 127.0.0.1       SMTPD (cb8b015400000c6e) [LAN_IP]
> connect
> > > 84.190.104.64 port 2572
> > > 20060202 010619 127.0.0.1       SMTPD (cb8b015400000c6e)
> [84.190.104.64]
> > > EHLO e2s7i.heq4yb.aol.com
> > > 20060202 010620 127.0.0.1       SMTPD (cb8b015400000c6e)
> [84.190.104.64]
> > > unacceptable mail address in MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010630 127.0.0.1       SMTPD (cb96014600000c6f) [LAN_IP]
> connect
> > > 84.190.104.64 port 2673
> > > 20060202 010630 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > > EHLO OLIVER
> > > 20060202 010630 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010631 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010631 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010631 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010631 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010631 127.0.0.1       SMTPD (cb96014600000c6f)
> [84.190.104.64]
> > Max
> > > Invalid RCPTs Exceeded
> > > 20060202 010641 127.0.0.1       SMTPD (cba1014e00000c70) [LAN_IP]
> connect
> > > 84.190.104.64 port 2761
> > > 20060202 010641 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > > EHLO OLIVER
> > > 20060202 010642 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010642 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010642 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010642 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010642 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010642 127.0.0.1       SMTPD (cba1014e00000c70)
> [84.190.104.64]
> > Max
> > > Invalid RCPTs Exceeded
> > > 20060202 010652 127.0.0.1       SMTPD (cbac013000000c71) [LAN_IP]
> connect
> > > 84.190.104.64 port 2835
> > > 20060202 010652 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > > EHLO OLIVER.augv.net
> > > 20060202 010654 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > > MAIL FROM: <[EMAIL PROTECTED]>
> > > 20060202 010655 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010655 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010655 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > > RCPT TO: <[EMAIL PROTECTED]>
> > > 20060202 010655 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > ERR
> > > mail.neptunefoods.com invalid user <[EMAIL PROTECTED]
> > > 20060202 010655 127.0.0.1       SMTPD (cbac013000000c71)
> [84.190.104.64]
> > Max
> > > Invalid RCPTs Exceeded
> > >
> > > ________________________________________________________________
> > > Sent via the WebMail system at neptunefoods.com
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > >
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > Denne emailen er skannet og funnet fri for virus
> > >
> > >
> > > Denne emailen er skannet og funnet fri for virus
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive:
> > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > Denne emailen er skannet og funnet fri for virus
> >
> >
> > Denne emailen er skannet og funnet fri for virus
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> Denne emailen er skannet og funnet fri for virus
>
>
> Denne emailen er skannet og funnet fri for virus
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
---
[This E-mail scanned for viruses by Declude Virus]


 
________________________________________________________________
Sent via the WebMail system at neptunefoods.com
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to