Quoth Bill Campbell: > On Fri, Sep 26, 2003, Kurt Wall wrote: > >Oh, this is just *too* ridiculous. I log my spam rejections and keep a > >graph of rejected connection attempts to my SMTP server. Thanks to > >Swen, on 24 September, Postfix rejected 4628 attempts just from hosts > >lacking hostnames that resolve to known IP address. > > I'm not sure you can attribute that entirely to the latest worm to attach > the Microsoft virus, Windows. Of 13,503 rejected attempts on our primary > mail server yesterday, 6,557 were for no rDNS, 1,220 from bad HELO > (attempting to masquerade as one of our servers), 1,599 from bad MAIL FROM > (no ``A'' or ``MX'' records for the domain part of the alleged sender). > Our backup mail server rejected 26,965 attempts, 6,181 for no rDNS, 6,710 > bad HELO, and 1,631 for bad MAIL FROM. > > I'm seeing about 300 incoming worms a day just to my personal addresses, > almost all of which claim to be patches for Windows.
The numbers boggle my mind, because I have a dinky little server with a small Web site and one mailing list. The reason I attribute it to the latest worm is that my typical volume of failed rDNS rejects has never been more than 100 in the almost three months I've been tracking it. Suddenly, it went into to orbit: 09/25 4628 09/24 18 09/23 23 09/22 20 09/21 27 09/20 14 09/19 9 09/18 43 09/17 19 09/16 8 I guess it doesn't matter whither or whence. At that volume, it starts to approach DoS attempts on my mail server. Kurt -- If I traveled to the end of the rainbow As Dame Fortune did intend, Murphy would be there to tell me The pot's at the other end. -- Bert Whitney _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://mail.linux-sxs.org/mailman/listinfo/linux-users