On 06/06/02 at 11:59, sascha wrote:
> hi there.
>
> i am getting tons (megabyte a day)
> of error messages like the ones
> below. from various changing ip addresses. all to
> addresses that don't exist on our server at all.
> pretty random names.
>
> what is this guy trying to do?
> and how can i prevent him from doing it?
>
> any idea?
Looks like a dictionary address harvesting attempt. IOW, the 'attacker' is
attempting to build a list of valid addresses by trying to send mail to an
arbitrary list of addresses. Presumably, any addresses for which mail is
accepted will be added to the harvester's list of valid addresses. If
you're using 1.8b8 or one of the 1.8b9 development versions, SIMS will
recognize this type of harvesting attack and add the remote host's IP
address (61.188.250.8 in this case) to a temporary blacklist, so as to
disrupt the harvester's operation. When that happens, SIMS will write a
couple of log entries to that effect.
> 18:41:05 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
> 18:41:06 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
> 18:41:06 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
> 18:41:07 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
> 18:41:08 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
> 18:41:08 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
> 18:41:09 1 SMTP-555([61.188.250.8]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
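
The kind of check described in the reply above, as an added example that is not part of the original message and is not SIMS's own logic: it counts "user unknown" rejections per remote host in a sliding time window and reports hosts that cross a threshold. The function name, the threshold and window values, the sample recipients and the host 192.0.2.10 are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Entry layout as quoted in the thread; recipients and 192.0.2.10 are constructed.
SAMPLE_LOG = """\
18:41:05 1 SMTP-555([61.188.250.8]) Recipient '<qzxv@example.com>' rejected: user unknown
18:41:06 1 SMTP-555([61.188.250.8]) Recipient '<aaron@example.com>' rejected: user unknown
18:41:06 1 SMTP-555([61.188.250.8]) Recipient '<abby@example.com>' rejected: user unknown
18:41:07 1 SMTP-555([61.188.250.8]) Recipient '<adam@example.com>' rejected: user unknown
18:41:07 1 SMTP-556([192.0.2.10]) Recipient '<salse@example.com>' rejected: user unknown
18:41:08 1 SMTP-555([61.188.250.8]) Recipient '<alan@example.com>' rejected: user unknown
18:41:08 1 SMTP-555([61.188.250.8]) Recipient '<alex@example.com>' rejected: user unknown
18:41:09 1 SMTP-555([61.188.250.8]) Recipient '<alice@example.com>' rejected: user unknown
""".splitlines()

REJECT_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}) \d+ SMTP-\d+\(\[([0-9.]+)\]\) "
    r"Recipient '.*' rejected: user unknown$"
)

def find_harvesters(lines, threshold=5, window=10):
    """Return {ip: time_first_flagged} for hosts with at least `threshold`
    unknown-recipient rejections inside a `window`-second span.
    Both defaults are illustrative, not values taken from SIMS."""
    recent = defaultdict(deque)  # ip -> rejection times, seconds since midnight
    flagged = {}
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if not m:
            continue  # not a "user unknown" rejection
        h, mi, s, ip = int(m[1]), int(m[2]), int(m[3]), m[4]
        now = h * 3600 + mi * 60 + s
        q = recent[ip]
        # Entries carry no date: a time going backwards means the log
        # crossed midnight, so restart the count for this host.
        if q and now < q[-1]:
            q.clear()
        q.append(now)
        while now - q[0] >= window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = f"{h:02d}:{mi:02d}:{s:02d}"
    return flagged

if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when}")
```

A single mistyped address from a legitimate sender (the 192.0.2.10 line) stays below the threshold, which is why the count is kept per host and per window rather than acting on any one rejection.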