Re: [cobalt-users] OT - Logcheck mass sendmail events
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Fri May 11 06:00:26 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Brian Kane" <briankane@xxxxxx> wrote:
> Logcheck is showing a lot of activity by someone trying random email
> addresses on our site. These lists are often long. What are these people
> doing? Trying to confirm good email addresses?
Possibly. More likely, they aren't analyzing bounces. They're just sending
to a lot of email addresses with common aliases and hoping some get through.
When they're not paying for the bandwidth they really don't care if most
bounce.
> Anything we can do to stop it?
Add a REJECT line for their IP in /etc/mail/access, then type "makemap hash
/etc/mail/access.db < /etc/mail/access" or add them to the block list
through the GUI. Send the log lines to the ISP associated with the offended
IP. Make little use of catchall email accounts so these dictionary spam
attacks don't get through.
---------------sample------------------
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> May 11 12:36:43 ns1 sendmail[7992]: MAA07992: <leeson@xxxxxx>... User unknown
> May 11 12:36:43 ns1 sendmail[7992]: MAA07992: <sruth@xxxxxx>... User unknown
> May 11 12:36:43 ns1 sendmail[7992]: MAA07992: <keldon@xxxxxx>... User unknown
> ....etc, etc.. long list........
> ----------------------------------------
FYI, this happens on my servers all the time on different domains.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
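
Added example, not part of the original post: a sketch of how the "User unknown" bursts Logcheck reports could be tied back to a sending IP and turned into candidate REJECT lines for /etc/mail/access. It assumes the relay IP appears on a `from=... relay=host [ip]` line sharing the same queue ID; the sample log, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of the excerpt above; addresses and relay
# IPs (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
May 11 12:36:43 ns1 sendmail[7992]: MAA07992: <leeson@example.com>... User unknown
May 11 12:36:43 ns1 sendmail[7992]: MAA07992: <sruth@example.com>... User unknown
May 11 12:36:43 ns1 sendmail[7992]: MAA07992: <keldon@example.com>... User unknown
May 11 12:36:44 ns1 sendmail[7992]: MAA07992: from=<x@example.net>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=host.example.net [192.0.2.10]
May 11 12:40:02 ns1 sendmail[8010]: MAA08010: <typo@example.com>... User unknown
May 11 12:40:03 ns1 sendmail[8010]: MAA08010: from=<friend@example.org>, size=812, class=0, pri=30812, nrcpts=1, proto=ESMTP, relay=mail.example.org [198.51.100.7]
"""

# Queue ID followed by a rejected recipient.
UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <[^>]*>\.\.\. User unknown")
# Queue ID followed by the envelope line that carries the relay IP (assumed format).
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=.*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dictionary_attack_ips(log_text, threshold=3):
    """Return {relay_ip: unknown_user_count} for IPs at or above threshold."""
    unknown_per_qid = Counter()
    ip_for_qid = {}
    for line in log_text.splitlines():
        m = UNKNOWN.search(line)
        if m:
            unknown_per_qid[m.group(1)] += 1
            continue
        m = RELAY.search(line)
        if m:
            ip_for_qid[m.group(1)] = m.group(2)
    per_ip = Counter()
    for qid, count in unknown_per_qid.items():
        ip = ip_for_qid.get(qid)
        if ip:  # skip sessions where no relay line was seen
            per_ip[ip] += count
    return {ip: n for ip, n in per_ip.items() if n >= threshold}

def access_lines(offenders):
    """Format offenders as entries for /etc/mail/access."""
    return [f"{ip}\tREJECT" for ip in sorted(offenders)]

if __name__ == "__main__":
    for entry in access_lines(dictionary_attack_ips(SAMPLE_LOG)):
        print(entry)
```

The threshold keeps a single mistyped address from a legitimate sender off the list; review the output before appending it to /etc/mail/access and rebuilding the map with the makemap command given in the reply.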