On Wed, 2015-10-21 at 09:22 -0700, Spam Auditor wrote:
> Is that really the IP Address?
Yes, all of these attempts used EHLO [real.ip.address]
> There is no PTR record associated with
> that IP Address, and I would start with that. No one should all
On 15-10-21 09:06 AM, Carl Byington wrote:
On Wed, 2015-10-21 at 08:51 -0700, Spam Auditor wrote:
Sounds like the AUTH-FAIL attack, which we have seen operating on
Windows machines, eg mailcracker.exe.
No attempt at auth:
<-- EHLO [2.50.185.14
On Wed, 2015-10-21 at 08:51 -0700, Spam Auditor wrote:
> Sounds like the AUTH-FAIL attack, which we have seen operating on
> Windows machines, eg mailcracker.exe.
No attempt at auth:
<-- EHLO [2.50.185.146]
--> 250 ...
<-- MAIL FROM: BODY=7BIT
On Behalf Of Lou Katz
Sent: Tuesday, October 20, 2015 3:29 PM
To: mailop@mailop.org
Subject: [mailop] Odd attack experienced
Today I was hit with an attack from multiple sources:
(over 32,000 in the log. I run sendmail)
mail from: <>
rcpt to:
rset
over and over. No
On Wed, Oct 21, 2015 at 11:31:25AM -0400, eric-l...@truenet.com wrote:
> I don't know if this is possible with milter, but could you set up a block
> rule that logs IPs for a deny afterwards?
> I.e., sort of like a greylist but the opposite effect.
I have done something of the sort with a syslog stre
ailop [mailto:mailop-boun...@mailop.org] On Behalf Of Lou Katz
Sent: Tuesday, October 20, 2015 3:29 PM
To: mailop@mailop.org
Subject: [mailop] Odd attack experienced
Today I was hit with an attack from multiple sources:
(over 32,000 in the log. I run sendmail)
mail from: <>
rcpt to:
Today I was hit with an attack from multiple sources:
(over 32,000 in the log. I run sendmail)
mail from: <>
rcpt to:
rset
over and over. Notice the missing hostname.
Anyone have any clever (or stupid) ways to stop this?
Anyone seen it before and/or know what its real pur