I'm getting LOTS of ORBS hits suddenly, like this:
Jun 5 22:41:00 gw smtpd: 928640460.637397 rblsmtpd: pid 4196: 451 See
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an
insecure email relay. This is a generic text message.
Jun 5 22:41:02 gw smtpd: 928640462.642219 rblsmtpd: pid 4198: 451 See
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an
insecure email relay. This is a generic text message.
Jun 5 22:41:03 gw smtpd: 928640463.555417 rblsmtpd: pid 4199: 451 See
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an
insecure email relay. This is a generic text message.
Jun 5 22:41:04 gw smtpd: 928640464.110713 rblsmtpd: pid 4200: 451 See
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an
insecure email relay. This is a generic text message.
Every second or two, on for hours. Normal mail traffic seems to be
working okay. I upgraded ezmlm+idx today, and I applied the
qmail-verh patch, so I *could* have knocked something over; but the
ORBS hits at least have been going on all day in the log-file (must
have been going yesterday too, they start immediately on log rollover
today), well before I touched any software, so I don't *think* I
caused this problem myself.
The frequency is too low to be a deliberate DOS attack, I'd think --
one connect every second or so, while it's making the logs grow, isn't
really hurting me, and looks more like persistence than malice.
Unfortunately rblsmtpd fails to log anything useful; it just gives the
TXT record from ORBS, and ORBS has chosen not to have them say
anything meaningful / useful. What I want, of course, is the IP
address the connect was from. Has anybody patched rblsmtpd to log
that already? It looks darned easy -- except that I don't speak Dan's
non-stdio library. I'll probably tackle it eventually anyway if
nobody has done the deed.
Am I overlooking some other reasonable way to find out where this is
coming from easily?
--
David Dyer-Bennet [EMAIL PROTECTED]
http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
http://ouroboros.demesne.com/ The Ouroboros Bookworms
Join the 20th century before it's too late!