I was analyzing our IMail logs to track down a separate problem, and I ran across the log snippet below. Based on previous threads on this issue, it appears as though this person is running through common email names to verify users on the mail server. There are literally hundreds of examples per day in our logs of similar queries, to hundreds of domains that we host, from about 12 different IP addresses.
I'm happy to block the offending IP addresses through the SMTP "Control Access" button, but this seems like it's going to turn into a never-ending upkeep. Several of the IP addresses came from dialup pools in foreign countries. In order to block them for good, I would need to block entire Class B subnets, thereby likely also blocking legitimate users and mail servers on those subnets. Does anyone have a more realistic solution to this issue? All thoughts are welcome.

Thanks,
Ted Beckwith
Easy CGI

-----------------------------------------------------------------------
03:10 00:33 SMTPD(027E029A) [216.150.152.46] connect 203.200.93.5 port 3847
03:10 00:33 SMTPD(027E029A) [203.200.93.5] HELO mail.nowhere.com
03:10 00:33 SMTPD(027E029A) [203.200.93.5] MAIL From: <[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
03:10 00:33 SMTPD(027E029A) [203.200.93.5] RCPT To:<[EMAIL PROTECTED]>
03:10 00:33 SMTPD(027E029A) [203.200.93.5] ERR mail.easycgi.com invalid user <[EMAIL PROTECTED]
-----------------------------------------------------------------------
-----------------------------------------------------------------------

----- Original Message -----
From: "Eric Parsons" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 04, 2003 9:59 AM
Subject: [IMail Forum] Another ip address to block

> Have been getting these for the last 2 days all day long. It is a Road
> Runner Biz account. Blocked ip in smtp acc file.
> mail log went from 250k to 1.5meg
> Just a heads up Eric
>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] EHLO pbimail7.prodigy.net
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] MAIL From: <[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:16 SMTPD(01BD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] EHLO smtp-gw-4.msn.com
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] MAIL From: <[EMAIL PROTECTED]>
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] RCPT To:<[EMAIL PROTECTED]>
> 03:04 00:49 SMTPD(01CD0130) [24.129.152.59] ERR okaloosatax.com invalid user <[EMAIL PROTECTED]
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
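
Added example, not part of the original message and not IMail's own tooling: one way to find the probing hosts described above without reading the log by hand is to count "invalid user" rejections per client address. The log layout is inferred from the lines quoted in this thread; the function names, thresholds, and sample lines (documentation addresses and domains only) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Field layout inferred from the log lines quoted in this thread (an assumption):
#   MM:DD HH:MM SMTPD(session-id) [address] text
LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTPD\(([0-9A-Fa-f]+)\) \[([\d.]+)\] (.*)$")

def harvest_suspects(lines, min_invalid=5, min_ratio=0.8):
    """Map client IP -> counts for clients whose RCPT attempts are mostly
    rejected as 'invalid user'. Thresholds are illustrative, not tuned."""
    stats = defaultdict(lambda: {"rcpt": 0, "invalid": 0, "sessions": set()})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        session, addr, text = m.groups()
        if text.startswith("connect "):
            continue  # in the quoted sample, the bracketed address here is not the client
        s = stats[addr]
        s["sessions"].add(session)
        if text.startswith("RCPT"):
            s["rcpt"] += 1
        elif text.startswith("ERR ") and " invalid user " in text:
            s["invalid"] += 1
    return {
        ip: {"rcpt": s["rcpt"], "invalid": s["invalid"], "sessions": len(s["sessions"])}
        for ip, s in stats.items()
        if s["invalid"] >= min_invalid and s["invalid"] >= min_ratio * s["rcpt"]
    }

def constructed_sample():
    """Constructed log lines: one probing client, one sender with a single typo."""
    probe = "03:10 00:33 SMTPD(0A0A0001) [192.0.2.77] "
    legit = "03:10 00:40 SMTPD(0A0A0002) [203.0.113.9] "
    out = ["03:10 00:33 SMTPD(0A0A0001) [198.51.100.10] connect 192.0.2.77 port 3847",
           probe + "HELO mail.example.net",
           probe + "MAIL From: <a@example.net>"]
    for name in ("admin", "info", "sales", "bob", "mary", "webmaster"):
        out.append(probe + f"RCPT To:<{name}@example.com>")
        out.append(probe + f"ERR mail.example.com invalid user <{name}@example.com>")
    out += [legit + "EHLO mx.example.org",
            legit + "MAIL From: <b@example.org>",
            legit + "RCPT To:<ted@example.com>",
            legit + "RCPT To:<tedd@example.com>",
            legit + "ERR mail.example.com invalid user <tedd@example.com>"]
    return out

if __name__ == "__main__":
    for ip, s in harvest_suspects(constructed_sample()).items():
        print(ip, s)
```

Any iterable of log lines, such as an open log file, can be passed in place of the constructed sample.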
