You don't need to do anything to attract spammers; they just show up.  You
don't need to do anything to be probed for being an open relay other than
have an available SMTP port on the internet.  Your IP will be probed.  I
recently installed a computer on broadband for my uncle.  Within 5 minutes
of enabling his computer, the firewall reported the first probes.  People
looking for SMTP, MS SQL, and other exploits.

of course, but for the reasons i outlined previously you aren't going to be able to capture much more useful information than "IP address a.b.c.d tried to perform a relay". as you point out below this can be easily tracked using a typically installed machine (provided you have some ability to process your logs). there isn't a need to try to be a 'faux open relay'. it only invites problems.


My own firewall tracks in excess of 20 GIGABYTES of probes per month, all
courtesy of Windows machines.

Our public mail server blocks anywhere from a few 100 spams per day to
1500+.  They seem to run in waves.  The numbers were much higher when we
first started the server, but they seem to have dropped off; perhaps the
spambots are realizing that we aren't productive for them.

In any event, since he isn't actively rejecting them (from their
perspective), they'll assume that he is an open relay.  Unlike DNSRBL
scanners, which wait to get a reply.

they will assume this for a single session unless they are just trying to propagate viruses (hit & run/script spamming). again, there is value to observing hit & runs, but since james gives OKs to any to/from address condition under normal operating conditions the above argument continues to hold true.


b
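
The reply above says relay attempts can be tracked from an ordinary mail server's logs. The sketch below is an added example, not code from the thread or from James: it classifies each logged RCPT as a relay attempt (untrusted client, non-local recipient domain) and counts them per source IP per day. The log layout, `LOCAL_DOMAINS`, `TRUSTED_NETS` and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed site policy (hypothetical values, not from the thread).
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed log layout; adapt the pattern to your server's real format.
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ smtp client=(?P<ip>\S+) "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)

# Constructed sample input.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z smtp client=203.0.113.7 from=<a@spam.test> to=<victim@elsewhere.test>
2024-03-01T10:00:02Z smtp client=203.0.113.7 from=<> to=<other@elsewhere.test>
2024-03-01T11:15:00Z smtp client=198.51.100.20 from=<x@remote.test> to=<user@example.org>
2024-03-01T12:30:00Z smtp client=10.1.2.3 from=<me@example.org> to=<friend@elsewhere.test>
2024-03-02T09:00:00Z smtp client=198.51.100.20 from=<x@remote.test> to=<x@Elsewhere.TEST>
connection reset by peer
2024-03-02T09:05:00Z smtp client=not-an-ip from=<x@remote.test> to=<y@elsewhere.test>
"""

def is_relay_attempt(ip, rcpt):
    """True when an untrusted client asks for delivery to a non-local domain."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    if any(addr in net for net in TRUSTED_NETS):
        return False
    _, at, domain = rcpt.rpartition("@")
    if not at:  # bare local part such as "postmaster" is a local recipient
        return False
    return domain.lower() not in LOCAL_DOMAINS

def relay_attempts(log_text):
    """Return {day: Counter({ip: attempts})}; unparseable lines are skipped."""
    per_day = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            if is_relay_attempt(m["ip"], m["rcpt"]):
                per_day[m["day"]][m["ip"]] += 1
        except ValueError:  # client field was not a valid IP address
            continue
    return dict(per_day)
```

Because the server in the thread accepts any to/from pair at SMTP time, the classification has to happen here, after the fact, rather than relying on a rejection message in the log.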


