Hi

Just a clarification on the issue, as we just got a 2nd similar
complaint from another Tor Exit node operator (obviously same attacker
being routed through another exit, guessing from the involved email
addresses).

The Spamtrap / HoneyPot in question not only listens to port 25 but also
listens on port 465 (smtps) and 587 (submission).

If an attacker is doing some dictionary attack on this to check for
valid passwords (every authentication attempt is accepted) or attempts
to relay spam mails (every relay attempt is answered with 200 OK) he
is being blacklisted and an ARF report is sent to the abuse contact of
the submitting IP range.

This is what causes those reports, not emails received on port 25.

But I guess, just silently blacklisting Tor exit nodes and not sending
an ARF report to the ISP could be an option to solve that issue.

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Head of Commercial Customers
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
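
The option raised in the message above (keep blacklisting Tor exits but send no ARF report to the ISP), as an added sketch that is not part of the original post and not the honeypot's own code. The event names, the `ExampleHoneypot/0.1` user agent, the addresses and the exit list are constructed assumptions; the report layout follows RFC 5965.

```python
import ipaddress
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample data (RFC 5737 documentation addresses), not real exits.
TOR_EXITS = {ipaddress.ip_address("192.0.2.10")}
TRIGGERS = {"auth_attempt", "relay_attempt"}  # hypothetical event names

def decide(event, tor_exits=TOR_EXITS):
    """Return (blacklist, send_arf) for one honeypot event."""
    if event["action"] not in TRIGGERS:
        return (False, False)  # other event types are outside this sketch
    is_tor = ipaddress.ip_address(event["src_ip"]) in tor_exits
    # Tor exits are still blacklisted, but no report goes to the exit's ISP.
    return (True, not is_tor)

def build_arf(event, reporter, abuse_contact):
    """Build an RFC 5965 report, or return None when it is suppressed."""
    if not decide(event)[1]:
        return None
    msg = MIMEMultipart("report", report_type="feedback-report")
    msg["From"], msg["To"] = reporter, abuse_contact
    msg["Subject"] = "Abuse report for " + event["src_ip"]
    msg.attach(MIMEText(
        "Honeypot saw %s on port %d from %s.\n"
        % (event["action"], event["port"], event["src_ip"])))
    # Machine-readable part: Feedback-Type, User-Agent, Version are required.
    fields = MIMEBase("message", "feedback-report")
    fields.set_payload(
        "Feedback-Type: abuse\nUser-Agent: ExampleHoneypot/0.1\nVersion: 1\n"
        "Source-IP: %s\nArrival-Date: %s\n" % (event["src_ip"], event["when"]))
    msg.attach(fields)
    # Third part: headers of the captured message (constructed in the sample).
    msg.attach(MIMEText(event["headers"], "rfc822-headers"))
    return msg

# Constructed events on the submission ports named in the message.
TOR_EVENT = {"src_ip": "192.0.2.10", "port": 587, "action": "auth_attempt",
             "when": "Mon, 01 Jan 2024 00:00:00 +0000", "headers": ""}
OTHER_EVENT = {"src_ip": "198.51.100.7", "port": 465, "action": "relay_attempt",
               "when": "Mon, 01 Jan 2024 00:00:00 +0000",
               "headers": "From: a@example.org\nTo: b@example.net\n"}

if __name__ == "__main__":
    print(decide(TOR_EVENT))  # blacklisted, report suppressed
    print(build_arf(OTHER_EVENT, "reports@hp.example", "abuse@isp.example"))
```
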
