On Wednesday, May 18, 2005, 12:05:13 AM, Monty Ree wrote:
Hello, all.
When I see maillog, I can see lots of logs like below..
Some spammer send spam mails from [EMAIL PROTECTED] to [EMAIL PROTECTED], I guess.
So mail server load is high to accept this spam and reply with"User unknown".
Is there any good way or solution against thess series spam?
Thanks in advance.
May 18 15:11:04 mail02 sendmail[22487]: j4I6B4i22487: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:04 mail02 sendmail[22490]: j4I6B4i22490: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:04 mail02 sendmail[22493]: j4I6B4i22493: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:04 mail02 sendmail[22494]: j4I6B4i22494: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:05 mail02 sendmail[22498]: j4I6B5i22498: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:05 mail02 sendmail[22515]: j4I6B5i22515: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:05 mail02 sendmail[22516]: j4I6B5i22516: <[EMAIL PROTECTED]>... User unknown
May 18 15:11:06 mail02 sendmail[22525]: j4I6B6i22525: <[EMAIL PROTECTED]>... User unknown
This is called a "dictionary attack". If you search for that and sendmail, you may find some answers. It's not specifically a SpamAssassin question.
Jeff C.
What I do for these kinds of e-mails is just block them at the sendmail level. If you're using FC2 (paths on other OS's may vary), just add a line like this in /etc/mail/access:
xxxxx.com REJECT
This file is to allow relay access to domains. If you block out xxxxx.com, these messages will be rejected at the sendmail level.
Saurabh.
-- -------------------------------------------------------------------------- "Yours is to work. The results will take care of themselves" -- Swami Vivekanad --------------------------------------------------------------------------
Saurabh Barve [EMAIL PROTECTED] (970)491-7714
