> >Why couldn't one just ACL the offending ip's at the border router? Are the > >attacks from various ISP's? > >Yes, here's the Top 30, mostly DSL and cable: > >Host/Domain Summary: SMTPD Connections (top 30) > connections time conn. avg./conn. max. time host/domain > ----------- ---------- ---------- --------- ----------- > 12654 32:00:06 9s 247s attbi.com > 9489 28:10:58 11s 299s comcast.net > 6674 64:16:48 35s 117s rima-tde.net
note that in this section of the report, all IPs with PTR hostname under domain.TLD are consolidated to one report line, so those 3 lines above represent several 1000 different IPs. Len
