I have been trying to keep up with the address harvesters by implementing IP level blocks. Usually these addresses are just obscure boxes in Uruguay or something like that. I have no problem blocking those, but today I am getting them from a hotmail machine??? Here is some of my log info:

12:02 07:18 SMTPD(1B2D002E) [66.140.194.140] connect 207.46.181.44 port 3558
12:02 07:18 SMTPD(249C0032) [66.140.194.140] connect 207.46.181.44 port 3560

yep, that's MS ip :

# dig -x 207.46.181.44
; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; res_nsend to server default -- 66.64.14.19: Operation timed out
tx1# dig -x 207.46.181.44
; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; 44.181.46.207.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
44.181.46.207.in-addr.arpa. 1H IN PTR cpimssmtpb04.msn.com.

It's a real b!tch, same with earthlink, tons of spam mixed in with plenty of valid mail.

12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] EHLO cpimssmtpoa04.msn.com
12:02 07:18 SMTPD(249C0032) [207.46.181.44] EHLO cpimssmtpoa04.msn.com
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] MAIL FROM:<>
12:02 07:18 SMTPD(249C0032) [207.46.181.44] MAIL FROM:<>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] RCPT TO:<[EMAIL PROTECTED]>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] ERR mail.areatech.com invalid user <[EMAIL PROTECTED]
12:02 07:18 SMTPD(249C0032) [207.46.181.44] RCPT TO:<[EMAIL PROTECTED]>
12:02 07:18 SMTPD(249C0032) [207.46.181.44] ERR mail.areatech.com invalid user <[EMAIL PROTECTED]
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] MAIL FROM:<>
12:02 07:18 SMTPD(249C0032) [207.46.181.44] MAIL FROM:<>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] RCPT TO:<[EMAIL PROTECTED]>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] ERR mail.areatech.com invalid user <[EMAIL PROTECTED]
12:02 07:18 SMTPD(249C0032) [207.46.181.44] RCPT TO:<[EMAIL PROTECTED]>
12:02 07:18 SMTPD(249C0032) [207.46.181.44] ERR mail.areatech.com invalid user <[EMAIL PROTECTED]
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] MAIL FROM:<>

I would love to block this address, but with it being hotmail I don't know if I should.

And here, you can't filter on MAIL FROM: either.
Just live with it, or if the volume is too high, block the IP temporarily, but note that then they will try your backup MX, too.
There really isn't any easy, automatic solution.
Len
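
Added example (not part of the thread and not Ipswitch code): a Python script that tallies RCPT attempts, invalid-user errors and null senders per connecting peer from log lines in the layout quoted above, so the decision about a temporary block can rest on volume rather than on MAIL FROM. The sample log, its recipient addresses, the 192.0.2.10 session and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's log layout; recipients and 192.0.2.10 are made up.
SAMPLE_LOG = """\
12:02 07:18 SMTPD(1B2D002E) [66.140.194.140] connect 207.46.181.44 port 3558
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] MAIL FROM:<>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] RCPT TO:<nouser1@example.test>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] ERR mail.areatech.com invalid user <nouser1@example.test>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] MAIL FROM:<>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] RCPT TO:<nouser2@example.test>
12:02 07:18 SMTPD(1B2D002E) [207.46.181.44] ERR mail.areatech.com invalid user <nouser2@example.test>
12:02 07:19 SMTPD(3C4E0040) [66.140.194.140] connect 192.0.2.10 port 4021
12:02 07:19 SMTPD(3C4E0040) [192.0.2.10] MAIL FROM:<alice@example.org>
12:02 07:19 SMTPD(3C4E0040) [192.0.2.10] RCPT TO:<realuser@example.test>
"""

LINE = re.compile(r"^\S+ \S+ SMTPD\((\w+)\) \[([\d.]+)\] (.*)$")

def summarize(log_text):
    """Per-peer counts of RCPT attempts, invalid-user errors and null senders."""
    peer_of = {}  # session id -> remote IP
    stats = defaultdict(lambda: {"rcpt": 0, "invalid": 0, "null_from": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        session, bracket_ip, rest = m.groups()
        if rest.startswith("connect "):
            # On connect lines the bracket holds the local IP; the peer follows.
            peer_of[session] = rest.split()[1]
            continue
        peer = peer_of.get(session, bracket_ip)
        if rest.startswith("MAIL FROM:<>"):
            stats[peer]["null_from"] += 1
        elif rest.startswith("RCPT TO:"):
            stats[peer]["rcpt"] += 1
        elif rest.startswith("ERR") and "invalid user" in rest:
            stats[peer]["invalid"] += 1
    return dict(stats)

def harvest_suspects(stats, min_rcpt=2, max_invalid_ratio=0.5):
    """Peers whose share of unknown recipients exceeds the (illustrative) thresholds."""
    return sorted(ip for ip, s in stats.items()
                  if s["rcpt"] >= min_rcpt
                  and s["invalid"] / s["rcpt"] > max_invalid_ratio)

if __name__ == "__main__":
    print(harvest_suspects(summarize(SAMPLE_LOG)))
```

A peer that also relays valid mail, as the hotmail host in the thread does, will show a mixed ratio, so the thresholds need tuning against real traffic before any block is applied.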
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
