LOTS of Orbs hits

Sat, 5 Jun 1999 19:55:57 -0700 

I'm getting LOTS of ORBS hits suddenly, like this:

Jun  5 22:41:00 gw smtpd: 928640460.637397 rblsmtpd: pid 4196: 451 See 
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an 
insecure email relay. This is a generic text message.
Jun  5 22:41:02 gw smtpd: 928640462.642219 rblsmtpd: pid 4198: 451 See 
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an 
insecure email relay. This is a generic text message.
Jun  5 22:41:03 gw smtpd: 928640463.555417 rblsmtpd: pid 4199: 451 See 
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an 
insecure email relay. This is a generic text message.
Jun  5 22:41:04 gw smtpd: 928640464.110713 rblsmtpd: pid 4200: 451 See 
http://www.orbs.org/blocked.cgi. Your mailserver is in the ORBS database as an 
insecure email relay. This is a generic text message.

Every second or two, on for hours.  Normal mail traffic seems to be
working okay.  I upgraded ezmlm+idx today, and I applied the
qmail-verh patch, so I *could* have knocked something over; but the
ORBS hits at least have been going on all day in the log-file (must
have been going yesterday too, they start immediately on log rollover
today), well before I touched any software, so I don't *think* I
caused this problem myself.

The frequency is too low to be a deliberate DOS attack, I'd think --
one connect every second or so, while it's making the logs grow, isn't
really hurting me, and looks more like persistence than malice.
Unfortunately rblsmtpd fails to log anything useful; it just gives the
TXT record from ORBS, and ORBS has chosen not to have them say
anything meaningful / useful.  What I want, of course, is the IP
address the connect was from.  Has anybody patched rblsmtpd to log
that already?  It looks darned easy -- except that I don't speak Dan's
non-stdio library.  I'll probably tackle it eventually anyway if
nobody has done the deed.

Am I overlooking some other reasonable way to find out where this is
coming from easily?
-- 
David Dyer-Bennet                                              [EMAIL PROTECTED]
http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon
http://ouroboros.demesne.com/ The Ouroboros Bookworms
Join the 20th century before it's too late!

Reply via email to