Mike Cisar <[EMAIL PROTECTED]> wrote:
They don't seem to be coming from any consistent IP address (or region). Problem is of course that the mailserver's connections get tied up processing rejecting this crap (and of course it's chewing up my transfer allocation bit by tiny bit). The addresses are similar to these... IgnaciogalvestonBriggs@ DallasexhibitionAlvarado@ ReginaldFleming@
I see them here too (columbia.edu). Sometimes the sender domain does not exist, and otherwise the recipient is no good. There are not many that get as far as a milter, but here are some. Looks like gambling. Example 1: Rejected for a one-word HELO (i.e. it had no dots). Its subject was "Single-hand blackjack.." Example 2: Sender host was in Spamhaus. "Come see what it means to be a VIP." Example 3: Another Spamhaus catch. "Get your bonus and walk the red carpet to winnings and fun." Note in passing, envelope senders =~ /<[A-Z][a-z]+[A-Z][a-z]\@/ seem to be quite rare, other than spam. I don't know what is in the header From: since I can't find any reported to us. The unknown senders and recipients should be a fast rejection. You can stop at MAIL or RCPT. You can't get better than that unless you can reject by sender IP, which is not practical with a botnet. Joseph Brennan Columbia University Information Technology
