Recent observation of (non-SIMS) mail receiver log shows three types of "interesting" activity:
1) Failed attempted relays, from various addresses to a limited set of <RCPT TO>, obviously looking for open relays.
2) Short SMTP transactions, ending with <RSET>; no message sent, possibly just checking validity of local address.
3) Like (2), but ending with a disconnect instead of a <RSET>.

Further checking shows that while the "sending host" in case #1 may or may not be on a blacklist, the senders in cases #2 and #3 are almost always mentioned in SPEWS and other blacklists. From a limited corpus of experience, #2 and #3 seem to be a good proactive research tool.

SIMS has a mechanism for handling and logging case #1, the attempted relay. (The SIMS log shows activity similar to the other mail receiver, but only one probe for every three on the other system).

Is there a mechanism for detecting case #2 and #3 in SIMS? How is it logged?
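The three cases described in the post above, as an added example that is not part of the original message: a classifier run over a constructed SMTP receiver log. The log format, `LOCAL_DOMAINS`, the addresses and the labels are assumptions made for illustration; this is not the SIMS log format or a SIMS mechanism.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this receiver accepts mail for
# Constructed sample log. Assumed format: "<session> <client-ip> <C|S|X>: <text>"
# C = client command, S = server reply, X = connection event logged by the receiver.
SAMPLE_LOG = """\
s1 192.0.2.10 C: MAIL FROM:<x@a.example>
s1 192.0.2.10 C: RCPT TO:<target@elsewhere.example>
s1 192.0.2.10 S: 550 relaying denied
s2 198.51.100.7 C: MAIL FROM:<y@b.example>
s2 198.51.100.7 C: RCPT TO:<user@example.org>
s2 198.51.100.7 S: 250 ok
s2 198.51.100.7 C: RSET
s3 203.0.113.5 C: MAIL FROM:<z@c.example>
s3 203.0.113.5 C: RCPT TO:<user@example.org>
s3 203.0.113.5 S: 250 ok
s3 203.0.113.5 X: DISCONNECT
s4 203.0.113.9 C: MAIL FROM:<w@d.example>
s4 203.0.113.9 C: RCPT TO:<user@example.org>
s4 203.0.113.9 S: 250 ok
s4 203.0.113.9 C: DATA
"""
LINE = re.compile(r"^(\S+) (\S+) ([CSX]): (\S.*)$")

def classify(log_text):
    """Return {session: (client_ip, label)} for the three cases in the post."""
    sessions = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sessions[m.group(1)].append(m.groups()[1:])  # (ip, kind, text)
    result = {}
    for sid, events in sessions.items():
        cmds = [t.split()[0].upper() for _, k, t in events if k == "C"]
        probe = "RCPT" in cmds and "DATA" not in cmds  # recipient tested, no message
        relay_denied = any(  # RCPT for a non-local domain answered with 5xx
            k1 == "C" and t1.upper().startswith("RCPT TO:") and k2 == "S" and t2.startswith("5")
            and t1.rsplit("@", 1)[-1].rstrip("> ").lower() not in LOCAL_DOMAINS
            for (_, k1, t1), (_, k2, t2) in zip(events, events[1:]))
        label = "normal"
        if relay_denied:
            label = "case1-relay-attempt"
        elif probe and cmds[-1] == "RSET":
            label = "case2-probe-rset"
        elif probe and events[-1][1:] == ("X", "DISCONNECT"):
            label = "case3-probe-disconnect"
        result[sid] = (events[0][0], label)
    return result
```

The client addresses labelled case 2 or case 3 are the ones the post suggests checking against blacklists.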
