On Thu, Aug 24, 2000 at 05:09:50PM -0700, Jon Rust wrote:
> Oy! This thread made me curious so I was grepping through my smtpd logs.
> As they were streaming down the screen, it seemed like there were an
> awful lot of a particular address. 195.25.12.67 and 75 seemed to be
> showing up every line almost. In fact, in less than 3 days of logs I
> show those addresses being rejected... take a deep breath... more than
> 38,000 times. Yikes. Either they are pushing some major amounts of spam,
> or someone there is a blockhead and doesn't understand error messages.

Whenever I see this kind of thing happen, it invariably turns out to be some
moronic Microsoft SMTP MTA on the other end. Your example is a case in point:

[cjohnson@mail cjohnson]$ telnet 195.25.12.67 25
Trying 195.25.12.67...
Connected to s2.gen.oleane.net.
Escape character is '^]'.
220-s2.gen.oleane.net Microsoft SMTP MAIL ready at Fri, 25 Aug 2000 02:21:33 +0200 
Version: 5.5.1877.197.19
220 ESMTP spoken here

I suspect that you're not using the -b option to rblsmtpd, which causes
rblsmtpd to send a 553 (permanent) error code to an RBL'ed client rather than
the default 451 (temporary). Microsoft MTAs interpret the 451's "Try again
later" as "Try again as soon as you can, and keep trying over and over and over
as quickly as you possibly can."

If you want to shut this guy up, give rblsmtpd the -b option, or stick
something like the following in your SMTP rules file (assuming you're using
tcpserver):

195.25.12.67:allow,RBLSMTPD="-Buzz off, bonehead. You're bothering me."

The leading '-' makes the error permanent for this particular IP address.

Or, firewall his ass.

Chris
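
An added example, not part of the message above: a Python sketch that tallies rblsmtpd rejections per client and writes tcpserver rules in the format shown above for clients that keep retrying after a 451. The log line shape, the threshold and the message text are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed rblsmtpd log shape: "rblsmtpd: <ip> pid <n>: <code> <text>"
LINE = re.compile(r"rblsmtpd: (\d{1,3}(?:\.\d{1,3}){3}) pid \d+: (451|553) ")


def tally(lines):
    """Count rejections per (client IP, SMTP reply code)."""
    counts = Counter()
    for line in lines:
        m = LINE.search(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts


def permanent_rules(counts, threshold, message="Permanently rejected."):
    """Build rules lines for clients with >= threshold 451 rejections.

    The leading '-' in RBLSMTPD makes the error permanent for that IP.
    """
    if '"' in message:
        raise ValueError("message must not contain the rule's quote delimiter")
    noisy = sorted(ip for (ip, code), n in counts.items()
                   if code == "451" and n >= threshold)
    return [f'{ip}:allow,RBLSMTPD="-{message}"' for ip in noisy]


# Constructed sample: the two addresses from the thread retrying after 451,
# plus two documentation-range clients that gave up after one rejection.
SAMPLE = (
    [f"rblsmtpd: 195.25.12.67 pid {1000 + i}: 451 Blocked" for i in range(6)]
    + [f"rblsmtpd: 195.25.12.75 pid {2000 + i}: 451 Blocked" for i in range(4)]
    + ["rblsmtpd: 192.0.2.10 pid 3000: 451 Blocked",
       "rblsmtpd: 192.0.2.20 pid 3001: 553 Blocked"]
)

if __name__ == "__main__":
    for rule in permanent_rules(tally(SAMPLE), threshold=3):
        print(rule)
```

The printed lines go into the rules file, which then has to be recompiled with tcprules before tcpserver sees them.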
