ORF also stops them.

John T
eServices For You
"Life is a succession of lessons which must be lived to be understood."
Ralph Waldo Emerson (1802-1882)

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> [EMAIL PROTECTED] On Behalf Of Len Conrad
> Sent: Monday, November 13, 2006 7:01 AM
> To: [email protected]
> Subject: Re: [IMail Forum] Zomibe bots
>
> >Hey Everyone... I have seen this constantly in my logs for days now. I
> >can start including the IPs in my block list but they are all over the
> >board. Have any of you seen this pattern and if so, can you give me some
> >advice on what it is and the best way to stop it?
> >
> >Here is a log segment...
> >20061113 091747 127.0.0.1 SMTPD (7e8ba54000bea330) [88.154.146.126] EHLO |http://mail.oldartero.com:8889/cgi-bin/put
>
> This oldartero junk is everywhere by 10s of 1000s. Looks like a
> bot-meister screwed up his bots and sent a URL in the EHLO field with
> always-illegal DNS characters.
>
> Imail can't do it, but IMGate has a reject_unknown_hostname
> ("hostname" = helo hostname) or a more specific filter.
>
> Sending IPs using oldartero as EHLO are waving a red flag at you,
> confessing guilt:
>
> "I'm a mail-bot-infected IP doing direct-to-MX spamming", so
> harvesting these IPs into an access control file or weighting system
> is one way to thank them for their honesty. :)
>
> Len
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
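
The harvesting idea from the quoted message, as an added example that is not part of the original thread and is not IMail, IMGate or ORF code: it scans SMTPD log lines and counts the client IPs whose HELO/EHLO argument is not a syntactically legal hostname or address literal. It assumes every log line follows the layout of the one segment quoted above; the function names are hypothetical, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout assumed from the single log segment quoted in the thread:
# date time local-ip SMTPD (session-id) [client-ip] EHLO|HELO argument
LINE = re.compile(
    r"^\d{8} \d{6} \S+ SMTPD \([0-9a-f]+\) \[(?P<ip>[0-9.]+)\] "
    r"(?P<verb>EHLO|HELO)\s+(?P<arg>.*)$", re.IGNORECASE)
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Address literal such as [192.0.2.25]; only the bracketed form is checked.
LITERAL = re.compile(r"^\[[0-9A-Za-z:.]+\]$")

def helo_is_valid(arg):
    """True if the HELO/EHLO argument is a legal hostname or address literal."""
    arg = arg.strip()
    if LITERAL.match(arg):
        return True
    name = arg[:-1] if arg.endswith(".") else arg  # tolerate a trailing dot
    if not name or len(name) > 253:
        return False
    return all(LABEL.match(label) for label in name.split("."))

def offenders(lines):
    """Count, per client IP, the greetings that carry an illegal argument."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m and not helo_is_valid(m.group("arg")):
            hits[m.group("ip")] += 1
    return hits

SAMPLE = [
    # First line is the segment from the thread; the rest are constructed.
    "20061113 091747 127.0.0.1 SMTPD (7e8ba54000bea330) [88.154.146.126] "
    "EHLO |http://mail.oldartero.com:8889/cgi-bin/put",
    "20061113 091802 127.0.0.1 SMTPD (7e8ba54000bea331) [192.0.2.10] EHLO mail.example.org",
    "20061113 091805 127.0.0.1 SMTPD (7e8ba54000bea332) [198.51.100.7] "
    "EHLO |http://mail.oldartero.com:8889/cgi-bin/put",
    "20061113 091809 127.0.0.1 SMTPD (7e8ba54000bea333) [198.51.100.7] HELO bad_host!",
    "20061113 091811 127.0.0.1 SMTPD (7e8ba54000bea334) [192.0.2.25] EHLO [192.0.2.25]",
]

if __name__ == "__main__":
    # One "ip count" pair per line, ready to feed a block list or a weighting system.
    for ip, count in offenders(SAMPLE).most_common():
        print(ip, count)
```

The check is purely syntactic: a well-formed but unresolvable name still passes, which is the case a DNS-based rule such as reject_unknown_hostname covers.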
