This IP (168.121.195.104) is currently listed in the XBL, CSS and PBL at Spamhaus.

On 5/31/23 07:22, Jarland Donnell via Exim-users wrote:
>
>
> I've been following this particular botnet pretty closely. It's an
> incredible one. If anyone is interested, I have a list of IPs of this
> botnet that increase daily:
> https://github.com/mxroute/da_server_updates/blob/master/sec/botnet.list
>
> It's been a good while since I've seen a botnet this persistent and slow
> to reveal itself. Usually one of this size blows its wad all in one go
> and you can list out every currently infected PC/IP in a day or so. This
> one seems to either be taking its time, or is adding new systems to
> its list at a very solid pace.
>
> On 2023-05-28 16:09, Jim Fenton via Exim-users wrote:
>
>> It seems like some of the spammers have changed tactics and are now
>> sending messages with 98 or so bad RCPT addresses, which (happily)
>> Exim detects. But now I'm getting a flood of messages in syslog, such as:
>>
>> 2023-05-28 00:24:39 REJECT [168.121.195.104]: bad recipient count high
>> [9]
>> 2023-05-28 00:24:39 H=([168.121.195.104]) [168.121.195.104]
>> F=<[email protected]>
>> rejected RCPT <[email protected]>: Rejected for too many bad
>> recipients
>>
>> …many lines deleted…
>>
>> 2023-05-28 00:24:39 REJECT [168.121.195.104]: bad recipient count high
>> [98]
>> 2023-05-28 00:24:39 H=([168.121.195.104]) [168.121.195.104]
>> F=<[email protected]> rejected RCPT <[email protected]>:
>> Rejected for too many bad recipients
>>
>> I can easily change the configuration to make this happen silently,
>> but I would like some visibility that this is happening, for example,
>> in my daily logwatch output. Has anyone devised a way to cut down on
>> the number of messages without eliminating them entirely?
>>
>> -Jim
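
Added example, not written by anyone in this thread: a Python post-processor for the logging question quoted above, which collapses the per-recipient reject lines into one summary line per sending IP so a daily report still shows the event. The two patterns follow the log excerpt in the thread; the function name `condense`, the sample lines, the example.* addresses and the 192.0.2.10 host are constructed for illustration.

```python
import re

# Patterns follow the two log-line shapes quoted in the thread.
COUNT_RE = re.compile(
    r"^(\S+ \S+) REJECT \[([^\]]+)\]: bad recipient count high \[(\d+)\]")
RCPT_RE = re.compile(
    r"^(\S+ \S+) H=.*? \[([^\]]+)\](?::\d+)? .*rejected RCPT <[^>]*>: "
    r"Rejected for too many bad recipients")

# Constructed sample input (addresses and 192.0.2.10 are placeholders).
SAMPLE_LOG = """\
2023-05-28 00:24:39 REJECT [168.121.195.104]: bad recipient count high [9]
2023-05-28 00:24:39 H=([168.121.195.104]) [168.121.195.104] F=<a@example.com> rejected RCPT <u1@example.org>: Rejected for too many bad recipients
2023-05-28 00:24:40 REJECT [168.121.195.104]: bad recipient count high [10]
2023-05-28 00:24:40 H=([168.121.195.104]) [168.121.195.104] F=<a@example.com> rejected RCPT <u2@example.org>: Rejected for too many bad recipients
2023-05-28 00:24:41 REJECT [168.121.195.104]: bad recipient count high [98]
2023-05-28 00:24:41 H=([168.121.195.104]) [168.121.195.104] F=<a@example.com> rejected RCPT <u3@example.org>: Rejected for too many bad recipients
2023-05-28 00:25:02 Start queue run: pid=4242
2023-05-28 00:31:07 REJECT [192.0.2.10]: bad recipient count high [4]
2023-05-28 00:31:07 H=(mail.example.net) [192.0.2.10] F=<b@example.com> rejected RCPT <u4@example.org>: Rejected for too many bad recipients
"""

def condense(lines):
    """Hypothetical helper: return (other_lines, summary_lines).

    Lines that are not bad-recipient rejects pass through unchanged;
    the reject flood becomes one summary line per sending IP.
    """
    stats, other = {}, []
    for line in lines:
        line = line.rstrip("\n")
        count = COUNT_RE.match(line)
        rcpt = None if count else RCPT_RE.match(line)
        hit = count or rcpt
        if not hit:
            if line:
                other.append(line)
            continue
        ts, ip = hit.group(1, 2)
        s = stats.setdefault(ip, {"first": ts, "last": ts, "rcpt": 0, "peak": 0})
        s["last"] = ts
        if count:
            s["peak"] = max(s["peak"], int(count.group(3)))
        else:
            s["rcpt"] += 1
    summary = [
        f"{s['first']}..{s['last']} SUMMARY [{ip}]: {s['rcpt']} RCPT rejected "
        f"(too many bad recipients), peak count {s['peak']}"
        for ip, s in stats.items()]
    return other, summary

if __name__ == "__main__":
    rest, summaries = condense(SAMPLE_LOG.splitlines())
    print("\n".join(rest + summaries))
```

The summary lines can be written to a separate file for the daily report while the full log is kept for forensics.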
