Verizon has caused a lot of us a lot of problems and lost time over the
past couple years with their weird blocking policies and
difficult-to-contact mail admin people.
I'm working for a high-volume IMail "mail cleaning" client who was
asked to save the mail flow of a domain that had been shut down by a
very high volume, very distributed attack. IMGate saved the domain,
but now we're trying to save IMGate! Just joking, IMGate is holding
up extremely well.
Hanging up on a TCP session after 3 SMTP 5xx rejects (bad recip), and
hanging up on a TCP session when an IP has connected to IMGate more
than 20 times in 30 minutes
... are the two extremely efficient policies that render the attack
manageable.
We firewall-blocked the worst-of-the-worst Class C in Poland. For the
last 3 days, the highest volume attack has been from the MTAs at our
friends over at Verizon.
This report, for 00:00 to 10:30 Monday, is
1) the number of rejects of unknown recipient
2) per sending IP:
The report contains 145316 IPs. :) IMGate machine is 95% idle. :)
Len
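
The two hang-up policies described in the message above, as an added sketch that is not part of the original post and is not IMGate's own code. The names `ConnectionLimiter`, `commands_served` and `replay` are hypothetical, and the sample traffic is constructed using documentation address ranges.

```python
from collections import defaultdict, deque

MAX_REJECTS = 3        # hang up after this many 5xx replies in one session
MAX_CONNECTS = 20      # connections allowed per IP ...
WINDOW = 30 * 60       # ... within this many seconds (30 minutes)

class ConnectionLimiter:
    """Sliding-window count of connections per client IP."""
    def __init__(self):
        # Keep at most MAX_CONNECTS + 1 timestamps per IP so memory stays
        # bounded even when one source reconnects continuously.
        self._seen = defaultdict(lambda: deque(maxlen=MAX_CONNECTS + 1))

    def allow(self, ip, now):
        """Record a connection at time `now` (seconds); False means hang up."""
        stamps = self._seen[ip]
        while stamps and now - stamps[0] >= WINDOW:
            stamps.popleft()          # forget connections older than the window
        stamps.append(now)            # refused attempts still count
        return len(stamps) <= MAX_CONNECTS

def commands_served(reply_codes):
    """How many commands get a reply before the 5xx limit drops the session."""
    rejects = 0
    for served, code in enumerate(reply_codes, start=1):
        if 500 <= code <= 599:
            rejects += 1
            if rejects >= MAX_REJECTS:
                return served
    return len(reply_codes)

def replay(sessions):
    """sessions: iterable of (time, ip, reply_codes); returns summary counts."""
    limiter = ConnectionLimiter()
    stats = {"refused_connects": 0, "cut_sessions": 0, "commands": 0}
    for now, ip, codes in sessions:
        if not limiter.allow(ip, now):
            stats["refused_connects"] += 1
            continue
        served = commands_served(codes)
        stats["commands"] += served
        if served < len(codes):       # commands were left unanswered
            stats["cut_sessions"] += 1
    return stats

# Constructed sample traffic: one IP reconnecting every minute, one session
# probing unknown recipients, one ordinary delivery.
SAMPLE = [(t * 60, "192.0.2.10", [550]) for t in range(25)]
SAMPLE.append((100, "198.51.100.7", [550, 250, 550, 550, 550, 550]))
SAMPLE.append((200, "203.0.113.5", [250, 250, 250]))
```
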