[aklug] Re: Anybody that works for ACS want to do some sleuthing for me?

From: Royce Williams <royce@tycho.org>
Date: Sat Oct 16 2010 - 17:50:16 AKDT

adam bultman said, on 10/16/2010 11:59 AM:
> I have a server that's getting a large number of connections from some
> ACS IP addresses in what claims to be a static block.
>
> Since October 10 @ 4:30 AM, I've had a grand total of 44,800 connections
> from three IP addresses via SMTP. I don't think they're delivering mail;
> I do know that some of them are trying to do SMTP AUTH.
>
> It's annoying, and I'd like to know if that's one of our customers
> trying to connect, or a former customer who left some mail client
> running, or some spam bots trying *really hard* to send mail (but
> getting denied, every time.)
>
> (Yes, I know I could write the abuse email, but all I ever get - ever -
> from *any* email written to abuse at any domain is an autoresponder.
> Bummer.)

abuse@ in any provider's domain gets a lot of email; cut 'em a little
slack. But even if you write to abuse@, they can't give you a direct
answer as to who had those IPs at those times without some legal
paperwork. They might be able to spank and intervene, but won't be able
to tell you more than that they enforced terms of service, etc.

It sounds like you can see attempts trying to log in as particular
users? If so, do a frequency count on them, and look for patterns. And
if you're not sure if they're delivering mail or not, you should be. ;-)

Royce
Received on Sat Oct 16 17:50:20 2010
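
The frequency count suggested in the reply above, as an added example that is not part of the original message: it tallies connections per source IP, failed AUTH attempts per (IP, username) and connections per hour, and separates sources that only ever fail AUTH from ones that actually get mail accepted. The log lines are constructed and their field layout (`client[ip]`, `auth failed user=`, `queued as`) is an assumption; adapt the patterns to what your MTA logs.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified syslog-like shape (assumed layout,
# not taken from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Oct 10 04:30:01 mx smtpd[101]: connect from client[192.0.2.10]
Oct 10 04:30:02 mx smtpd[101]: client[192.0.2.10]: auth failed user=info
Oct 10 04:30:09 mx smtpd[102]: connect from client[192.0.2.10]
Oct 10 04:30:10 mx smtpd[102]: client[192.0.2.10]: auth failed user=info
Oct 10 04:31:15 mx smtpd[103]: connect from client[192.0.2.11]
Oct 10 04:31:16 mx smtpd[103]: client[192.0.2.11]: auth failed user=admin
Oct 10 05:02:40 mx smtpd[104]: connect from client[198.51.100.7]
Oct 10 05:02:41 mx smtpd[104]: client[198.51.100.7]: queued as 4F2A1
Oct 10 05:10:03 mx smtpd[105]: connect from client[192.0.2.10]
Oct 10 05:10:04 mx smtpd[105]: client[192.0.2.10]: auth failed user=sales
"""

# Group 1 of CONNECT is the "Mon DD HH" prefix, used as the hourly bucket.
CONNECT = re.compile(r"^(\w{3}\s+\d+ \d{2}):\d{2}:\d{2} \S+ smtpd\[\d+\]: "
                     r"connect from client\[([\d.]+)\]")
AUTH_FAIL = re.compile(r"client\[([\d.]+)\]: auth failed user=(\S+)")
QUEUED = re.compile(r"client\[([\d.]+)\]: queued as (\S+)")

def summarize(log_text):
    """Return frequency counters built from one pass over the log."""
    conns, fails, hours, delivered = Counter(), Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            hours[m.group(1)] += 1
            conns[m.group(2)] += 1
        elif m := AUTH_FAIL.search(line):
            fails[(m.group(1), m.group(2))] += 1
        elif m := QUEUED.search(line):
            delivered[m.group(1)] += 1
    return {"connections": conns, "auth_failures": fails,
            "per_hour": hours, "delivered": delivered}

def auth_only_sources(summary):
    """IPs that failed AUTH at least once and never had a message accepted."""
    failed = {ip for ip, _user in summary["auth_failures"]}
    return sorted(ip for ip in failed if summary["delivered"][ip] == 0)

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (ip, user), n in s["auth_failures"].most_common():
        print(f"{n:6d}  {ip:15s}  {user}")
    print("AUTH-only sources:", auth_only_sources(s))
```

A few usernames repeated from one address at a steady rate suggests a forgotten mail client; many different usernames tried in turn looks more like guessing.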
