Quoth Bill Campbell:
> On Fri, Sep 26, 2003, Kurt Wall wrote:
> >Oh, this is just *too* ridiculous. I log my spam rejections and keep a
> >graph of rejected connection attempts to my SMTP server. Thanks to
> >Swen, on 24 September, Postfix rejected 4628 attempts just from hosts
> >lacking hostnames that resolve to known IP address.
>
> I'm not sure you can attribute that entirely to the latest worm to attach
> the Microsoft virus, Windows. Of 13,503 rejected attempts on our primary
> mail server yesterday, 6,557 were for no rDNS, 1,220 from bad HELO
> (attempting to masquerade as one of our servers), 1,599 from bad MAIL FROM
> (no ``A'' or ``MX'' records for the domain part of the alleged sender).
> Our backup mail server rejected 26,965 attempts, 6,181 for no rDNS, 6,710
> bad HELO, and 1,631 for bad MAIL FROM.
>
> I'm seeing about 300 incoming worms a day just to my personal addresses,
> almost all of which claim to be patches for Windows.
The numbers boggle my mind, because I have a dinky little server with a
small Web site and one mailing list. The reason I attribute it to the
latest worm is that my typical volume of failed rDNS rejects has never
been more than 100 in the almost three months I've been tracking it.
Suddenly, it went into to orbit:
09/25 4628
09/24 18
09/23 23
09/22 20
09/21 27
09/20 14
09/19 9
09/18 43
09/17 19
09/16 8
I guess it doesn't matter whither or whence. At that volume, it starts
to approach DoS attempts on my mail server.
Kurt
--
If I traveled to the end of the rainbow
As Dame Fortune did intend,
Murphy would be there to tell me
The pot's at the other end.
-- Bert Whitney
_______________________________________________
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc -> http://mail.linux-sxs.org/mailman/listinfo/linux-users
