Checking logs tonight for another reason, I decided to take a quick look through for IPs to add to my blacklist.
I noticed the following from 9/30 (I suspect this is not the only time it's happened):

23:44:22 1 SMTP-479([67.105.249.169]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:44:27 1 SMTP-480([64.105.178.107]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:08 1 SMTP-488([24.199.96.216]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-496([128.118.141.39]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-495([216.123.100.215]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-494([67.105.21.170]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-493([4.35.200.73]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-492([63.145.26.162]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-491([66.200.212.90]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-490([67.104.74.70]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:11 1 SMTP-489([63.254.221.179]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:12 1 SMTP-487([67.104.74.70]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:12 1 SMTP-486([66.21.65.2]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:12 1 SMTP-485([66.200.161.194]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:12 1 SMTP-484([65.33.213.19]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:12 1 SMTP-483([66.109.72.163]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:12 1 SMTP-497([80.19.233.171]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:17 1 SMTP-498([65.169.242.133]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:18 1 SMTP-500([64.56.103.164]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:45:19 1 SMTP-499([64.147.3.84]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:46:23 1 SMTP-509([63.145.26.162]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
23:46:24 1 SMTP-515([24.199.96.216]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown
etc...

txinfinet.com is a domain that we used a fair bit years ago, but it's mostly idle now. There are only a few active addresses, and all those above (and a lot more like them) are not and have never been addresses at that domain.

Reverse lookups on the IPs show that this attack appears to be coming from all over the place:

1 Domain name does not exist
2 h-64-105-178-107.sfldmidn.covad.net.
3 user-0cceo6o.cable.mindspring.com.
4 f04s11.cac.psu.edu.
5 trt-on56-87.netcom.ca.
6 Domain name does not exist
7 tamqfl1-ar1-200-073.biz.dsl.gtei.net.
8 mail.edpworld.com.
9 Domain name does not exist
etc...

Obviously, it's a dictionary attack with spoofed IPs (is that possible?) or relayed off a bunch of random servers. How do we battle that?

--
Bill Christensen
[EMAIL PROTECTED]

Green Building Professionals Directory: http://directory.greenbuilder.com
Sustainable Building Calendar: http://www.greenbuilder.com/calendar/
Green Real Estate: http://www.greenbuilder.com/realestate/
Straw Bale Registry: http://sbregistry.greenbuilder.com/
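
Added example, not part of the original post: a detector for the pattern in the log excerpt above, where one domain receives many "user unknown" rejections from many distinct source IPs within a short window. The regex follows the line shape shown in the post; the function names, thresholds, and sample lines (documentation IP ranges and example domains, since the archive masks the real recipients) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Line shape taken from the log excerpt in the post; field meanings are assumed.
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) \d+ SMTP-\d+\(\[([\d.]+)\]\) "
                  r"Recipient '<([^>]*)>' rejected: user unknown")

def parse(line):
    """Return (seconds_since_midnight, ip, recipient_domain) or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, ip, rcpt = m.groups()
    domain = rcpt.rpartition("@")[2].lower()
    return int(h) * 3600 + int(mi) * 60 + int(s), ip, domain

def find_harvests(lines, window=60, min_rejects=8, min_ips=4):
    """Flag domains where many unknown-user rejections from many distinct
    source IPs fall inside one sliding window (thresholds are assumptions).
    Assumes one log file per day, so times do not wrap past midnight."""
    recent = defaultdict(deque)      # domain -> deque of (time, ip)
    alerts = {}                      # domain -> peak (rejects, distinct_ips)
    for t, ip, domain in filter(None, map(parse, lines)):
        q = recent[domain]
        q.append((t, ip))
        while q and t - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        ips = {i for _, i in q}
        if len(q) >= min_rejects and len(ips) >= min_ips:
            alerts[domain] = max(alerts.get(domain, (0, 0)), (len(q), len(ips)))
    return alerts

# Constructed sample (documentation IP ranges, example domains), not real data.
SAMPLE = [f"23:45:{10 + i // 4:02d} 1 SMTP-{480 + i}([198.51.100.{1 + i % 5}]) "
          f"Recipient '<guess{i}@idle.example>' rejected: user unknown"
          for i in range(12)]
SAMPLE += [
    # A single mistyped address from one host should not raise an alert.
    "23:50:01 1 SMTP-600([203.0.113.9]) Recipient '<tpyo@busy.example>' rejected: user unknown",
    "23:50:02 1 SMTP-601([203.0.113.9]) message accepted",
]

if __name__ == "__main__":
    for domain, (rejects, ips) in find_harvests(SAMPLE).items():
        print(f"{domain}: {rejects} unknown-user rejects from {ips} IPs within 60s")
```

Keying the window on the recipient domain rather than the source IP is what catches this case: each sending host appears only once or twice, so a per-IP counter alone would never trip.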
