[TriLUG] Strange mailserver flood
Lance A. Brown
lance at bearcircle.net
Wed Apr 30 10:16:38 EDT 2008
Brian Daniels said the following on 4/30/2008 9:28 AM:
> And after an hour or so, the flood drops back to a steady drip of similarly
> addressed messages.
>
> Anyone else seeing these, or have any idea what they're trying to do?
I'm not seeing this, but perhaps a mail log watcher that adds host-based
firewall rules to block offending sites after X "550 user unknown"
messages would serve to mitigate the attacks. Seems like denyhosts or
fail2ban could be bent to this task.
--[Lance]
--
GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9
CACert.org Assurer
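
An added example, not part of the original message or of denyhosts/fail2ban: one way the log watcher suggested above could decide which hosts to block. The Postfix-style log format, the threshold of 3, the 10-minute window and the sample lines (constructed, using documentation IP ranges) are all assumptions; the firewall call itself is left to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Postfix-style smtpd rejection line; adapt the regex to your MTA.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"550 .*User unknown"
)

# Constructed sample log (not taken from the thread).
_P = "mail postfix/smtpd[4242]: NOQUEUE: reject: RCPT from unknown"
_U = "Recipient address rejected: User unknown in local recipient table"
SAMPLE_LOG = [
    f"Apr 30 09:00:01 {_P}[198.51.100.7]: 550 5.1.1 <a1@example.org>: {_U}",
    f"Apr 30 09:01:10 {_P}[203.0.113.5]: 550 5.1.1 <b1@example.org>: {_U}",
    f"Apr 30 09:01:40 {_P}[203.0.113.5]: 550 5.1.1 <b2@example.org>: {_U}",
    f"Apr 30 09:02:05 {_P}[192.0.2.9]: 550 5.1.1 <c1@example.org>: {_U}",
    f"Apr 30 09:02:30 {_P}[203.0.113.5]: 550 5.1.1 <b3@example.org>: {_U}",
    f"Apr 30 09:03:00 {_P}[192.0.2.9]: 554 5.7.1 <x@example.net>: Relay access denied",
    f"Apr 30 09:15:00 {_P}[198.51.100.7]: 550 5.1.1 <a2@example.org>: {_U}",
    f"Apr 30 09:30:00 {_P}[198.51.100.7]: 550 5.1.1 <a3@example.org>: {_U}",
]

def hosts_to_block(lines, threshold=3, window=timedelta(minutes=10), year=2008):
    """Return client IPs with >= threshold 'user unknown' rejects inside window.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    IPs are returned in the order they first crossed the threshold.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = []
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue              # other rejections (e.g. relay denied) are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # expire rejects older than the window
        if len(hits) >= threshold and m["ip"] not in blocked:
            blocked.append(m["ip"])
    return blocked

if __name__ == "__main__":
    print(hosts_to_block(SAMPLE_LOG))
```

The sliding window keeps a slow trickle of mistyped addresses from a legitimate sender (198.51.100.7 in the sample) below the threshold while a burst from one host is flagged.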