Recent observation of (non-SIMS) mail receiver log shows three types of "interesting" activity:

1) Failed attempted relays, from various addresses to a limited set of <RCPT TO>, obviously looking for open relays.
2) Short SMTP transactions, ending with <RSET>; no message sent, possibly just checking validity of local address.
3) Like (2), but ending with a disconnect instead of a <RSET>.
[snip]
Is there a mechanism for detecting case #2 and #3 in SIMS? How is it logged?

As far as I know, no.
However, if a remote host tries to send mail to three non-existent addresses, SIMS will hold the line for 10 seconds. After that time elapses, if they get another address wrong, another 10 seconds. After that, another address, another 10 seconds. After the third time, it tempbans the remote host for 20 minutes.
It's quite effective, I've noticed, at stopping harvesters. It is these harvesters which are consuming most of the bandwidth on my server, scanning for addresses. Grr.
--
Pete Stephenson
HeyPete.com
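
The three session types listed at the top of this message can be told apart from the client's command sequence alone. The following is an added example, not part of the original message and not SIMS code or its log format; the session records, `LOCAL_DOMAINS`, the `<disconnect>` marker and the label names are all constructed for illustration.

```python
from collections import Counter, defaultdict

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this receiver accepts mail for
DROP = "<disconnect>"            # constructed marker: peer closed without sending QUIT

def rcpt_domain(line):
    """Lower-cased domain of a 'RCPT TO:<user@domain>' line; None for other commands."""
    if not line.upper().startswith("RCPT TO:"):
        return None
    addr = line.split(":", 1)[1].strip().strip("<>")
    return addr.rpartition("@")[2].lower()

def classify(commands):
    """Label one SMTP session from the client's commands, in order."""
    verbs = [c if c == DROP else c.split(":")[0].split()[0].upper() for c in commands]
    domains = [d for d in map(rcpt_domain, commands) if d is not None]
    if any(d not in LOCAL_DOMAINS for d in domains):
        return "relay_attempt"       # type 1: recipient is not ours
    if "DATA" in verbs:
        return "delivery"            # a message was actually offered
    if not domains:
        return "other"               # no recipient named, nothing was probed
    issued = [v for v in verbs if v not in ("QUIT", DROP)]
    if issued[-1] == "RSET":
        return "rset_probe"          # type 2: local RCPT, then RSET, no DATA
    if verbs[-1] == DROP:
        return "disconnect_probe"    # type 3: local RCPT, then the line drops
    return "other"

def summarise(sessions):
    """sessions: iterable of (client_ip, commands). Returns {ip: Counter of labels}."""
    report = defaultdict(Counter)
    for ip, commands in sessions:
        report[ip][classify(commands)] += 1
    return report

# Constructed sample sessions (documentation-range addresses and domains).
SAMPLE = [
    ("192.0.2.10", ["HELO a", "MAIL FROM:<x@example.net>", "RCPT TO:<someone@example.com>", "QUIT"]),
    ("198.51.100.7", ["HELO b", "MAIL FROM:<>", "RCPT TO:<sales@example.org>", "RSET", "QUIT"]),
    ("198.51.100.7", ["HELO b", "MAIL FROM:<>", "RCPT TO:<info@example.org>", DROP]),
    ("203.0.113.5", ["HELO c", "MAIL FROM:<u@example.net>", "RCPT TO:<pete@example.org>", "DATA", "QUIT"]),
]

if __name__ == "__main__":
    for ip, counts in summarise(SAMPLE).items():
        print(ip, dict(counts))
```

Per-address counts of `rset_probe` and `disconnect_probe` are the figures to watch for address harvesting, since a single session of either kind can also come from a sender doing callback verification.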
