The way I handled them was to change the Postmaster account password to
something extremely hard
...so far so good...
then started blocking their IPs in the blacklist.
Useless, unfortunately. They're trying SMTP AUTH, which bypasses the blacklist when successful. Only way to stop that is to block 'em at the firewall. I have most of Asia unable to even get to my SMTP port after several such experiences. Be aware they'll likely try POP too....
I have only:
# Chinese spammers ALL: 218.188.0.0/255.255.0.0 : deny ALL: 218.189.0.0/255.255.0.0 : deny
# fpcservers.com spammers (freeprizeclub.com) # 50K attempts in one day ALL: 209.133.28.0/255.255.255.0 : deny ALL: 209.133.29.0/255.255.255.0 : deny ALL: .fpcservers.com : deny
in hosts.deny on my OS X machine (easier than setting up firewall rules)
I scan my logs periodically for evidence of dictionary styled password attacks and deny the IP, the Class C, or sometimes the Class B.
-- You are responsible for your Rose Rule #5 Get Kirsten Dunst Wet
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
