Anyone else noticing more concurrent incoming SMTP connections in last couple of weeks ?
Chances are it's a buggy botnet, and has been discussed in various places including: http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx and I'm guessing is responsible for the recent "smtp_reserve_hosts" thread on exim-users. Suggestions seem to include lowering timeouts - which seems likely to break legit things. Perhaps it's time to switch our DNSBL etc tests from "deny" to "drop" mode. Is there any obvious downside to this ? Do most folk use drop already ? Thanks! Chris -- Chris Edwards, Glasgow University Computing Service -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
