North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: tcsender email bombing
On Tuesday November 4, 1997, Dennis Simpson <[email protected]> had this to say about "tcsender email bombing": > Having seen fairly heavy loading on our mail server today, I decided > to see what might be going on. > > Is anyone else seeing concerted bombing from [email protected]<a couple of addresses> > where the relayhost covers many hosts? I have attached a tiny bit of > today's mail syslog contents below to illustrate. > Yes...2741 entries in my maillog since 11:00pm yesterday...but our mailserver barely hiccuped and I wouldn't have noticed for a day or two unless I came across your post. What prompted you to go looking? > Approximately one third of our email traffic today has come from this. > I am going to be blocking a number of the ip's at our router, due to > the heavy load this is causing us. Is anyone else having to handle > this nonsense (tcsender specifically) or should I be looking for > someone attacking us? > You may want to change your 451 errors into 571 errors at least for this particular domain. From RFC1893: X.7.1 Delivery not authorized, message refused The sender is not authorized to send to the destination. This can be the result of per-host or per-recipient filtering. This memo does not discuss the merits of any such filtering, but provides a mechanism to report such. This is useful only as a permanent error. > Thx, > dennis > > Nov 4 04:05:48 bconnex.net sendmail[4697]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:05:48 bconnex.net sendmail[4697]: EAA04697: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, > proto=ESMTP, [email protected] [205.139.15.34] > Nov 4 04:05:54 bconnex.net sendmail[4698]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:05:54 bconnex.net sendmail[4698]: EAA04698: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, > [email protected] [206.83.162.16] > Nov 4 04:05:57 bconnex.net sendmail[4703]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:05:57 bconnex.net sendmail[4703]: EAA04703: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, > [email protected] [209.113.166.92] > Nov 4 04:06:04 bconnex.net sendmail[4705]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... Domain > must resolve > Nov 4 04:06:04 bconnex.net sendmail[4705]: EAA04705: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=bay.wiznet.ca [207.139.40.1] > Nov 4 04:06:08 bconnex.net sendmail[4712]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:06:08 bconnex.net sendmail[4712]: EAA04712: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, > proto=ESMTP, [email protected][204.254.231.160] > Nov 4 04:06:22 bconnex.net sendmail[4723]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:06:22 bconnex.net sendmail[4723]: EAA04723: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, > proto=ESMTP, [email protected] [209.24.1.201] > Nov 4 04:06:27 bconnex.net sendmail[4731]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... Domain > must resolve > Nov 4 04:06:27 bconnex.net sendmail[4731]: EAA04731: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=emke.com [204.152.178.10] > Nov 4 04:06:43 bconnex.net sendmail[4758]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:06:43 bconnex.net sendmail[4758]: EAA04758: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, > proto=ESMTP, relay=adzone.com [205.147.5.1] > Nov 4 04:06:50 bconnex.net sendmail[4776]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:06:50 bconnex.net sendmail[4776]: EAA04776: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, > proto=ESMTP, relay=[209.63.20.193] > Nov 4 04:07:12 bconnex.net sendmail[4800]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... Domain > must resolve > Nov 4 04:07:12 bconnex.net sendmail[4800]: EAA04800: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=mercury.webserve.net [206.96.226.5] > Nov 4 04:07:13 bconnex.net sendmail[4802]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... Domain > must resolve > Nov 4 04:07:13 bconnex.net sendmail[4802]: EAA04802: > from=<[email protected]>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] [204.198.149.6] > Nov 4 04:07:16 bconnex.net sendmail[4804]: Ruleset check_mail > (<[email protected]>) rejection: 451 <[email protected]>... > Domain must resolve > Nov 4 04:07:16 bconnex.net sendmail[4804]: EAA04804: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=metallus.ias.net [206.214.209.8] > Nov 4 04:07:23 bconnex.net sendmail[4808]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:07:23 bconnex.net sendmail[4808]: EAA04808: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=france-travel.com [192.41.4.181] > Nov 4 04:08:04 bconnex.net sendmail[4852]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:08:04 bconnex.net sendmail[4852]: EAA04852: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=fox.plaza.nl [195.108.180.1] > Nov 4 04:08:05 bconnex.net sendmail[4858]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:08:05 bconnex.net sendmail[4858]: EAA04858: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=dnai.com [140.174.162.28] > Nov 4 04:08:17 bconnex.net sendmail[4865]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:08:17 bconnex.net sendmail[4865]: EAA04865: > from=<[email protected]>, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=virtual.icanect.net [208.202.14.126] > Nov 4 04:08:45 bconnex.net sendmail[4881]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:08:45 bconnex.net sendmail[4881]: EAA04881: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=100t.lauderdale.net [207.141.140.10] > Nov 4 04:09:09 bconnex.net sendmail[4895]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:09:09 bconnex.net sendmail[4895]: EAA04895: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=fred.ic2do.com [38.218.186.11] > Nov 4 04:09:14 bconnex.net sendmail[4902]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:09:14 bconnex.net sendmail[4902]: EAA04902: > from=<[email protected]>, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=ch.promega.com [198.150.28.10] > Nov 4 04:09:15 bconnex.net sendmail[4905]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:09:15 bconnex.net sendmail[4905]: EAA04905: > from=<[email protected]>, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] [206.112.39.112] > Nov 4 04:09:28 bconnex.net sendmail[4916]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:09:28 bconnex.net sendmail[4916]: EAA04916: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] [209.1.144.158] > Nov 4 04:09:45 bconnex.net sendmail[4928]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:09:45 bconnex.net sendmail[4928]: EAA04928: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] [204.152.97.15] > Nov 4 04:09:45 bconnex.net sendmail[4929]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:09:45 bconnex.net sendmail[4929]: EAA04929: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=gost3.indirect.com [165.247.198.3] > Nov 4 04:09:46 bconnex.net sendmail[4930]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:09:46 bconnex.net sendmail[4930]: EAA04930: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=[205.217.137.150] > Nov 4 04:09:54 bconnex.net sendmail[4936]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:09:54 bconnex.net sendmail[4936]: EAA04936: > from=<[email protected]>, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] [204.181.4.152] > Nov 4 04:10:31 bconnex.net sendmail[4956]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:10:31 bconnex.net sendmail[4956]: EAA04956: > from=<tcsend[email protected]>, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=wcc.wcc.net [208.6.232.10] > Nov 4 04:10:45 bconnex.net sendmail[4972]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:10:45 bconnex.net sendmail[4972]: EAA04972: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] [204.145.147.60] > Nov 4 04:10:48 bconnex.net sendmail[4974]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:10:48 bconnex.net sendmail[4974]: EAA04974: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected] 3] > Nov 4 04:10:58 bconnex.net sendmail[4980]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:10:58 bconnex.net sendmail[4980]: EAA04980: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=[151.196.85.2] > Nov 4 04:11:04 bconnex.net sendmail[4985]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:11:04 bconnex.net sendmail[4985]: EAA04985: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=www.fixation.com [206.144.185.101] > Nov 4 04:11:06 bconnex.net sendmail[4991]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:11:06 bconnex.net sendmail[4991]: EAA04991: > from=<[email protected]>, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=ns2.kalamazoo.net [206.31.33.2] > Nov 4 04:11:26 bconnex.net sendmail[5016]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:11:26 bconnex.net sendmail[5016]: EAA05016: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=fox.plaza.nl [195.108.180.1] > Nov 4 04:12:07 bconnex.net sendmail[5042]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:12:07 bconnex.net sendmail[5042]: EAA05042: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, > relay=[151.196.88.4] > Nov 4 04:12:08 bconnex.net sendmail[5043]: Ruleset check_mail ) rejection: 451 > <[email protected]>... Domain must resolve > Nov 4 04:12:08 bconnex.net sendmail[5043]: EAA05043: > from=<[email protected]>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, > relay=yakko.x-statik.com [198.68.248.2] > Nov 4 04:12:13 bconnex.net sendmail[5046]: Ruleset check_mail > (<[email protected]>) jection: 451 <[email protected]>... Domain must > resolve > Nov 4 04:12:13 bconnex.net sendmail[5046]: EAA05046: > from=<[email protected]>, class=0, pri=0, nrcpts=0, proto=ESMTP, > [email protected][140.174.206.23] -- John-David Childs (JC612) Enterprise Internet Solutions System Administrator @denver.net/Internet-Coach/@ronan.net & Network Engineer 1031 S. Parker Rd. #I-8 Denver, CO 80231 As of this^H^H^H^H next week, passwords will be entered in Morse code.
|