They appear to be coming mostly from zombie machines. An machine at a specific IP address will connect to my server, send spam to 10-or-so (non)users and disconnect. I typically see close to 100,000 SMTP connections per day to this server, but no single IP address more than 2 or 3 times.
Manually entering all of those addresses each day would be a little much, I think. Thanks, tho. -Dave Strzemienski ----- Original Message ----- From: "Marc A. Funaro" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 11, 2004 10:24 AM Subject: RE: [IMail Forum] Bounce to forged From address blacklisted my server can you determine the IP(s) that the dictionary attacks are coming from? If so, block them altogether? > -----Original Message----- > From: Dave Strzemienski [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 11, 2004 10:12 AM > To: [EMAIL PROTECTED] > Subject: [IMail Forum] Bounce to forged From address blacklisted my > server > > > I recently set up an IMail/mxGuard/ClamAV server that sits in > front of my > corporate email server. > It's been running for several days and has reduced the amount > of incoming > spam & viruses about 95% according to my users. > > But, I've now discovered that this new server is listed on > bl.spamcop.net. > > As far as I can tell, this is how it happened: > > Spammer forges the Mail-From address on a piece of junkmail and > dictionary-attacks my domains. > My intercept server processes & attempts to forward the > message to user(s) > that don't exist on the corporate server. > The corporate server informs the intercept server that the > user(s) don't > exist and does not accept the message. > The intercept server bounces the message to the forged > Mail-From address. > The Mail-From address that was forged by the spammer is > actually a Spam > Trap. > The Spam Trap server informs spamcop.net that my intercept > server is sending > messages with spam content. > > Is there anything I can do about this? > > I was going to set up a nobody alias, but I started receiving > upwards of > 10,000 messages a hour and my server slowed to a crawl. And > that was just > for one domain. > > Any help is appreciated! > Dave Strzemienski > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
