Checking my reject logs, I've noticed a new pattern the past couple of
weeks...
- *ONE* IP address
- sends 15 or 50 delivery attempts, approximately 1 attempt every 2
seconds
- the envelope-sender is a legitimate-looking address @gmail.com or
gmx.de or one of several .ru domains
Another pattern I see occasionally is 3 consecutive attempts from the
same IP address with the same common_first_name(_at_)yahoo(_dot_)com envelope
sender. Is this an attempt to defeat greylisting?
If my rules reject the 1st time, they end up rejecting all 3 or 15 or
50 attempts. The rejection is usually due to rDNS that smells dynamic,
or total lack of rDNS.
--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
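
The two patterns described in the message above, expressed as detection logic over reject-log lines. This is an added example, not part of the original post; the log format, field names, thresholds and sample addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed log format (constructed for this example, not taken from the post):
#   <ISO timestamp> reject ip=<addr> from=<envelope sender> reason=<text>
LINE_RE = re.compile(r"^(\S+) reject ip=(\S+) from=<([^>]*)> reason=(.*)$")

def find_bursts(lines, min_attempts=3, max_gap=5.0):
    """Group rejects per IP into bursts whose consecutive attempts are at
    most max_gap seconds apart; report bursts of >= min_attempts."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, sender, _reason = m.groups()
            per_ip[ip].append((datetime.fromisoformat(ts), sender.lower()))
    bursts = []
    for ip, events in per_ip.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:  # trailing None flushes the last run
            if ev is not None and (ev[0] - run[-1][0]).total_seconds() <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_attempts:
                span = (run[-1][0] - run[0][0]).total_seconds()
                bursts.append({"ip": ip, "attempts": len(run),
                               "mean_gap_s": span / max(len(run) - 1, 1),
                               "senders": sorted({s for _, s in run})})
            if ev is not None:
                run = [ev]
    return bursts

def sample_log():
    """Constructed sample: 15 attempts 2 s apart from one IP, 3 attempts
    with a single sender from another IP, and one unrelated reject."""
    out = [f"2024-01-01T10:00:{2 * i:02d} reject ip=192.0.2.10 "
           f"from=<user{i % 3}@gmail.com> reason=no rDNS" for i in range(15)]
    out += [f"2024-01-01T11:00:0{i} reject ip=198.51.100.7 "
            f"from=<john@yahoo.com> reason=dynamic rDNS" for i in range(3)]
    out.append("2024-01-01T12:00:00 reject ip=203.0.113.5 from=<a@example.org> reason=no rDNS")
    return out

if __name__ == "__main__":
    for burst in find_bursts(sample_log()):
        print(burst)
```

A burst with a single entry in `senders` corresponds to the second pattern (same sender repeated), while a long burst with several senders corresponds to the first.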