It is a search engine visiting your server.

----- Original Message -----
From: mike delp <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 06, 2000 5:36 PM
Subject: RE: [IMail Forum] spamming program? Why me TOO ???

> I have been looking for the post about the batch file to get the summary
> information, but I have not been successful. Could someone please repost
> the link or the text to the batch file to evaluate the logs??
>
> I have noticed in a couple of manual peeks into the log files, a domain
> called inktomi.com, and I am wondering if that is supposed to be there. I
> will look into what exactly is happening at this time, but a summary of
> activity would be helpful.
>
> TIA
>
> Mike Delp
> Director of Technical Services
> Database Computer Group, Inc.
> (515) 564-0150
> FAX- (515) 564-0152
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Gerry Dalton [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 06, 2000 8:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [IMail Forum] spamming program? Why me TOO ???
>
> Len, Et Al,
>
> I've been running the batch file which does the summary of all your mail
> activity for about 2 months now, and suddenly over the last 5 days I have
> had an enormous amount of "unknown user" rejects. Last night the attack
> appeared to come from a Japan system. They tried hundreds of names as
> rcpt to's from a single message.
>
> I have Relay for Local Hosts only checked, I have SMTP AUTH unchecked and I
> have SMTP VRFY unchecked also.
>
> Looks like nothing has made it in, but what else can/should I do to be sure?
>
> I tried relay for addresses only, and have had nothing but problems with
> users who travel (including the CFO) unable to send mail outside our
> domains using Eudora.
>
> Gerry
>
> At 09:38 AM 7/6/2000 +0200, Len Conrad wrote:
> >Hard to say for sure. A "dictionary" attack on a mail server can
> >"harvest" mail accounts by throwing a "dictionary" of names, including of
> >course generic names like sales@, info@, support@, but such an attack
> >would also cause a ton of "user unknown" reject lines to show up in your
> >logs, so as always surfing the logs is a frequent requirement to see
> >what's really going on out there.
> >
> >Dictionary attacks go faster if you have the SMTP VRFY permitted.
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
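
The "user unknown" pattern discussed in this thread can be checked for by grouping rejected recipients by source. This is an added example, not part of the original thread and not the batch file the posters mention; the log line layout, field names, threshold and addresses are constructed assumptions, not IMail's real log format.

```python
import re
from collections import defaultdict

# Assumed line layout (constructed for this example, not IMail's format):
#   <date> <time> session=<id> src=<ip> rcpt=<addr> result=<code> <text>
LINE_RE = re.compile(r"session=(?P<session>\S+) src=(?P<src>\S+) "
                     r"rcpt=<(?P<rcpt>[^>]+)> result=(?P<code>\d{3}) (?P<text>.*)$")

def summarize_rejects(lines):
    """Per source IP: distinct unknown recipients, accepted RCPTs, rejects per session."""
    stats = defaultdict(lambda: {"unknown": set(), "accepted": 0,
                                 "per_session": defaultdict(int)})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an RCPT result line
        s = stats[m["src"]]
        if m["code"].startswith("5") and "unknown" in m["text"].lower():
            s["unknown"].add(m["rcpt"].lower())
            s["per_session"][m["session"]] += 1
        elif m["code"].startswith("2"):
            s["accepted"] += 1  # an address the sender now knows exists
    return stats

def harvest_suspects(lines, min_unknown=5):
    """Sources that tried at least min_unknown distinct nonexistent users.

    Returns (src, distinct_unknown, accepted, max_rejects_in_one_session),
    sorted with the heaviest prober first."""
    rows = [(src, len(s["unknown"]), s["accepted"], max(s["per_session"].values()))
            for src, s in summarize_rejects(lines).items()
            if len(s["unknown"]) >= min_unknown]
    return sorted(rows, key=lambda r: -r[1])

def _line(sec, session, src, user, code, text):
    return (f"2000-07-06 03:12:{sec:02d} session={session} src={src} "
            f"rcpt=<{user}@example.com> result={code} {text}")

# Constructed sample: one source guessing names in a single session,
# and one ordinary sender who mistyped a single address.
GUESSES = ["sales", "admin", "support", "webmaster", "john", "mary"]
SAMPLE_LOG = (
    [_line(i, "a1", "203.0.113.7", u, 550, "user unknown") for i, u in enumerate(GUESSES)]
    + [_line(7, "a1", "203.0.113.7", "info", 250, "ok"),
       _line(8, "b2", "198.51.100.4", "alice", 250, "ok"),
       _line(9, "b2", "198.51.100.4", "alise", 550, "user unknown")])

if __name__ == "__main__":
    for src, unknown, accepted, worst in harvest_suspects(SAMPLE_LOG):
        print(f"{src}: {unknown} unknown users, {accepted} accepted, "
              f"{worst} rejects in one session")
```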
