Kai Schaetzl wrote: > For about 48 hours I see an increase in attempts to unload spam to our > clients.
For the past 12 months I have seen endless attempts to send mail to invalid addresses. I get 1,000 per hour, every hour for every day of the working week. Off hours is slightly lower, during peak (mon-thur) it's slightly higher. It never stops, our sendmail is telling these people to stop sending mail to those addresses but it falls on deaf eyes. > Many of the connects seem to be endless = they keep the > sendmail process with almost no data open until I kill them after a > while. This happens on several machines, sometimes looking a bit like > a "wave" and many of the target email addresses are no longer on > these machines but moved to another MX. It looks like there have been > old MX records from half a year ago or so been activated. But the > stuff comes from dialups all over the world, so it can't be some > provider's nameserver handing out bogus info. > It's not in any way near a DoS attack, but I'm curious. Anyone seeing > similar mysterious spam waves? Yes we see similar attacks. We use an internal mail server which at one time was listed as the mx for our domain and we still see direct spams to it once in a while, it could be due to easy to guess name of mail.domain but who knows, these guys could keep their own phonebook of ips to send spam at.
