So is this a valid Yahoo IP used for maybe their Yahoo Groups and other internal products? Or is this an outside MTA used by their clients? I have run across this problem with AOL, an AOL IP used for nothing but a dictionary attack.
PTRs look kinda "unassigned" or "placeholder" but definitely delegated to Yahoo:
tx1# dig -x 66.94.225.0

; <<>> DiG 9.2.3 <<>> -x 66.94.225.0
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29866
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;0.225.94.66.in-addr.arpa. IN PTR

;; ANSWER SECTION:
0.225.94.66.in-addr.arpa. 120 IN PTR UNKNOWN-66-94-225-0.yahoo.com.

For example, just last night I had in the SMTPD Errors section of reports, Invalid User IP listed for about 60 of the IPs in that c-block, and they resulted in over 5,000 attempts, all erring out. Do they just not handle bounces well? If I block that c-block, will it come back and haunt me?

Look in your logs to see if any msgs to known users came from that Class C. If not, I'd block it. 5000 msgs to unknown recipients is clearly self-convicting abusive behavior nobody should tolerate.

Len
_____________________________________________________________________
http://MenAndMice.com/DNS-training : Atlanta; SFO; Denver; NYC
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
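
The check suggested in the reply above (did any mail to known users come from that block before you block it?), written out as an added example that is not part of the original thread. The log lines and their format are constructed for illustration and are not IMail's real log syntax; `LINE_RE`, the function names and the `min_rejected` threshold are assumptions to adapt to your own MTA logs.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical format
# (not IMail's real log syntax); adapt LINE_RE to your MTA's layout.
SAMPLE_LOG = """\
10:01:02 SMTPD 66.94.225.10 RCPT <aaron@example.org> 550 unknown user
10:01:03 SMTPD 66.94.225.10 RCPT <abby@example.org> 550 unknown user
10:01:03 SMTPD 66.94.225.44 RCPT <adam@example.org> 550 unknown user
10:01:04 SMTPD 66.94.225.91 RCPT <alan@example.org> 550 unknown user
10:02:10 SMTPD 192.0.2.7 RCPT <bob@example.org> 250 ok
10:02:11 SMTPD 192.0.2.7 RCPT <bobb@example.org> 550 unknown user
10:03:00 SMTPD 198.51.100.20 RCPT <carol@example.org> 250 ok
"""

LINE_RE = re.compile(r"SMTPD (\d+\.\d+\.\d+\.\d+) RCPT <[^>]*> (\d{3})")

def tally_by_block(log_text, prefix_len=24):
    """Per network block: accepted RCPTs, rejected RCPTs, distinct source IPs."""
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0, "ips": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an SMTPD RCPT line
        ip, code = m.group(1), m.group(2)
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        entry = stats[str(block)]
        entry["ips"].add(ip)
        if code.startswith("2"):
            entry["accepted"] += 1   # recipient exists
        elif code.startswith("5"):
            entry["rejected"] += 1   # unknown user or other permanent reject
    return stats

def block_candidates(stats, min_rejected=3):
    """Blocks with many permanent rejects and no mail to known users."""
    return sorted(
        block for block, s in stats.items()
        if s["accepted"] == 0 and s["rejected"] >= min_rejected
    )

if __name__ == "__main__":
    stats = tally_by_block(SAMPLE_LOG)
    for block in block_candidates(stats):
        s = stats[block]
        print(f"{block}: {s['rejected']} rejects from {len(s['ips'])} IPs, 0 accepted")
```

A block that also delivered to real recipients (like 192.0.2.0/24 in the sample) is deliberately left out of the candidates, since blocking it would drop legitimate mail.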
