Group, We have been getting spammed every 3-5 mins for about a week with email. It seems to be a dictionary attack using all known first names paired with @<ourdomain>. My guess is they are attempting to acquire valid email address by collecting the bounces and comparing what they sent - if no bounce, then it is a valid address.
Okay, so I don't want email from them, I look at the inet headers and find it seems to be from the asia-pacifc netblock (big yawn). On our SW Pro, I blocked SMTP from 210.0.0.0 thru 211.255.255.255 to our email gateway on our DMZ. This works like a champ. Is this the correct range, or can I expand if further? I remember a post a few months back can't find. Thanks, DL Meade, CNE, MCP Network Administrator Frankfurt-Short-Bruza www.fsb-ae.com <http://www.fsb-ae.com> --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
