On Wed, 15 Jun 2005, Dean Anderson wrote:
> What sort of mail volume do you handle? 2000-4000 attempts isn't a lot
> for a large volume domain handling millions of messages per day.

About 250K legit messages each day, and about a million junk messages.
Yes, it isn't a very large proportion of our total volume, but I would
expect that to change rapidly if the probes were successful.

> You said it is more prevalent on hosts named mail or smtp---one would at
> minimum need a list of domains to search. Where do you suppose they
> obtained this list?

Where do you suppose they get lists of email addresses to send spam to?

> Who is doing this searching? Internal viruses?

The probes are external, and appear to be mostly from compromised home
computers. Our network is reasonably well managed and infections are

> What sort of commercial companies are abusing your open relays?

You misunderstand: We don't operate open relays, but despite your claims
about the rareness of open relay abuse, our email servers are frequently
probed with open relay attacks. I believe you are depending on security
through obscurity to avoid attack. One of our main outgoing relay services
has an obscure name (ppsw.cam.ac.uk) and is probed 100 times less
frequently than our MXs or our MSA service named smtp.hermes.cam.ac.uk.

> You also haven't shown that the abusers would be prevented from emailing
> if open relays were closed.

That's irrelevant: it's still my responsibility not to abet them.
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
Ietf mailing list