Jul 13 00:32:46 www postfix/smtpd[23202]: 689971A2C019: client=sccrmxc19.comcast.net[204.127.202.99]
Jul 13 00:32:46 www postfix/smtpd[23202]: 689971A2C019: reject: RCPT from sccrmxc19.comcast.net[204.127.202.99]: 450 : User unknown in local recipient table; from=<> to= proto=ESMTP helo=
Jul 13 00:32:48 www postfix/smtpd[23202]: disconnect from sccrmxc19.comcast.net[204.127.202.99]
Jul 13 00:32:49 www postfix/smtpd[7875]: warning: 207.178.128.39: address not listed for hostname mail3.iswest.com
Jul 13 00:32:49 www postfix/smtpd[7875]: connect from unknown[207.178.128.39]
Jul 13 00:32:50 www postfix/smtpd[7875]: 24D591A2C019: client=unknown[207.178.128.39]
Jul 13 00:32:50 www postfix/smtpd[7875]: 24D591A2C019: reject: RCPT from unknown[207.178.128.39]: 450 : User unknown in local recipient table; from=<> to= proto=SMTP helo=
Jul 13 00:32:51 www postfix/smtpd[7875]: disconnect from unknown[207.178.128.39]
Jul 13 00:32:52 www postfix/smtpd[15756]: connect from nutshell.tislabs.com[192.94.214.100]
Jul 13 00:32:52 www postfix/smtpd[15756]: 96BA31A2C019: client=nutshell.tislabs.com[192.94.214.100]
Jul 13 00:32:52 www postfix/smtpd[15756]: 96BA31A2C019: reject: RCPT from nutshell.tislabs.com[192.94.214.100]: 450 : User unknown in local recipient table; from=<> to= proto=ESMTP helo=
Jul 13 00:32:57 www postfix/smtpd[7776]: connect from taloa.unice.fr[134.59.1.7]
Jul 13 00:32:57 www postfix/smtpd[7776]: CF9C51A2C019: client=taloa.unice.fr[134.59.1.7]
Jul 13 00:32:57 www postfix/smtpd[7776]: CF9C51A2C019: reject: RCPT from taloa.unice.fr[134.59.1.7]: 450 : User unknown in local recipient table; from= to= proto=ESMTP helo=
It seems that if the spammers really wanted to find valid user names,
they would just use first names as the usernames. I would think that
by using FirstName+LastName they will only be 25% as likely to find
valid usernames.
This makes me want to write a script that goes through my logs and then notifies the ISP about the zombies on their networks.
Update:
This mail attack was starting to have a load on my server. There are a
lot of SMTP connections to the server, and this is causing other
connections to take a long time. I have looked through the logs for
the past two days, and I have got a list of the IP addresses. There
were about 850 computers that sent 12000 email requests.
I have changed Postfix to reject connections from those computers. I will look at the logs tomorrow and update the list.
If this doesn't work, I will move the MX record for this domain to a different machine.
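One way to build the list of offending IP addresses from log entries like the ones above, as an added example that is not the script from this post. The sample log is constructed with documentation addresses, each record is assumed to sit on one line as syslog writes it, and the function names, the threshold and the use of the output as a check_client_access table are assumptions, since the post does not say how the reject list is loaded.

```python
import re
from collections import Counter

# A Postfix smtpd "User unknown" recipient rejection; captures client host and IP.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \S+ reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: \d{3} "
    r".*User unknown in local recipient table")

# Constructed sample: documentation IPs and example.* names, one record per line.
SAMPLE_LOG = """\
Jul 13 00:32:45 www postfix/smtpd[23202]: connect from mx1.example.net[192.0.2.10]
Jul 13 00:32:46 www postfix/smtpd[23202]: 689971A2C019: reject: RCPT from mx1.example.net[192.0.2.10]: 450 <jsmith@example.org>: User unknown in local recipient table; from=<> to=<jsmith@example.org> proto=ESMTP helo=<mx1.example.net>
Jul 13 00:32:47 www postfix/smtpd[23202]: 7A1B21A2C019: reject: RCPT from mx1.example.net[192.0.2.10]: 450 <mjones@example.org>: User unknown in local recipient table; from=<> to=<mjones@example.org> proto=ESMTP helo=<mx1.example.net>
Jul 13 00:32:48 www postfix/smtpd[23202]: 8C3D41A2C019: reject: RCPT from mx1.example.net[192.0.2.10]: 450 <alee@example.org>: User unknown in local recipient table; from=<> to=<alee@example.org> proto=ESMTP helo=<mx1.example.net>
Jul 13 00:32:50 www postfix/smtpd[7875]: 24D591A2C019: reject: RCPT from unknown[198.51.100.7]: 450 <bwong@example.org>: User unknown in local recipient table; from=<> to=<bwong@example.org> proto=SMTP helo=<mail.example.net>
Jul 13 00:32:51 www postfix/smtpd[7875]: 35E6A1A2C019: reject: RCPT from unknown[198.51.100.7]: 450 <cdiaz@example.org>: User unknown in local recipient table; from=<> to=<cdiaz@example.org> proto=SMTP helo=<mail.example.net>
Jul 13 00:32:57 www postfix/smtpd[7776]: CF9C51A2C019: reject: RCPT from relay.example.com[203.0.113.5]: 450 <dpark@example.org>: User unknown in local recipient table; from=<> to=<dpark@example.org> proto=ESMTP helo=<relay.example.com>
Jul 13 00:32:58 www postfix/smtpd[7776]: disconnect from relay.example.com[203.0.113.5]
"""

def unknown_user_rejects(lines):
    """Count unknown-recipient rejections per client IP; remember the host name."""
    hits, hosts = Counter(), {}
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            hits[m["ip"]] += 1
            hosts.setdefault(m["ip"], m["host"])
    return hits, hosts

def offenders(lines, threshold=2):
    """(ip, host, count) for clients at or above threshold, busiest first."""
    hits, hosts = unknown_user_rejects(lines)
    return [(ip, hosts[ip], n) for ip, n in hits.most_common() if n >= threshold]

def access_map(rows):
    """Render rows as 'pattern action' lines (assumed check_client_access use)."""
    return "\n".join(f"{ip}\tREJECT" for ip, _host, _n in rows)

if __name__ == "__main__":
    rows = offenders(SAMPLE_LOG.splitlines())
    for ip, host, n in rows:
        print(f"{n:5d}  {ip:15s}  {host}")
    print(access_map(rows))
```

The threshold keeps a legitimate server that bounced a single message to a mistyped address off the reject list.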