Re: postfix SAV tarpitted

From: Ralf Hildebrandt (Ralf.Hildebrandtcharite.de)
Date: Sun Oct 02 2005 - 02:25:02 CDT


* Len Conrad <LConradGo2France.com>:
>
> One of my client's IMGate/postfix boxes, which does inbound-only MX
> work, has been tarpitted by numerous IPs in these Class Cs:
>
> The Class C are:
>
> 204.9.240
> 204.9.241
> 204.9.242
> 204.9.243
> 204.9.244
> 204.9.245
> 204.9.246
> 204.9.247
>
> which are also found here:
>
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21043
>
> afaics, when postfix smtp SAV calls those IPs, the smtp session is
> held by the other end indefinitely, some kind of heart-beat that
> keeps postfix smtp from timing out.
>
> mx1# sockstat -4 | egrep -ic "smtp .*204.9.24"
> 201
>
> mx1# sockstat -4 | egrep -i "smtp .*204.9.24" | less
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> postfix smtp 4449 12 tcp4 69.43.139.225:3790 204.9.247.4:25

The smtp processes should eventually time out.
But what do they do to keep the session from timing out?

--
Ralf Hildebrandt (Ralf.Hildebrandtcharite.de) spamtrapcharite.de
http://www.postfix-book.com/ Tel. +49 (0)30-450 570-155
When you say 'I wrote a program that crashed Windows', people just
stare at you blankly and say 'Hey, I got those with the system, for
free'
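
Added example, not part of the original thread: the `egrep` one-liner quoted above counts sockets for one hard-coded prefix, while this sketch groups all outbound Postfix `smtp` client sockets by remote /24 so any network holding many SAV probes open stands out. The function names, the threshold and the sample lines (apart from the one socket line quoted in the post) are constructed for illustration.

```shell
#!/bin/sh
# Count outbound Postfix smtp client sockets per remote /24, reading
# `sockstat -4` output in the column layout shown in the quoted post.

# Constructed sample input (only the first socket line is from the post).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
postfix  smtp       4449  12 tcp4   69.43.139.225:3790    204.9.247.4:25
postfix  smtp       4450  12 tcp4   69.43.139.225:3791    204.9.247.9:25
postfix  smtp       4451  12 tcp4   69.43.139.225:3792    204.9.240.17:25
postfix  smtp       4452  12 tcp4   69.43.139.225:3793    192.0.2.10:25
postfix  smtpd      4460  9  tcp4   69.43.139.225:25      198.51.100.7:40112
EOF
}

# stuck_prefixes THRESHOLD
# Reads sockstat -4 output on stdin and prints "count prefix" for every
# remote /24 that has at least THRESHOLD smtp client sockets to port 25.
# Inbound smtpd sockets and the header line are ignored.
stuck_prefixes() {
    awk -v min="$1" '
        $1 == "postfix" && $2 == "smtp" && $7 ~ /:25$/ {
            split($7, hostport, ":")        # "204.9.247.4:25" -> address, port
            split(hostport[1], octet, ".")  # address -> four octets
            count[octet[1] "." octet[2] "." octet[3]]++
        }
        END {
            for (prefix in count)
                if (count[prefix] >= min)
                    print count[prefix], prefix
        }
    ' | sort -rn
}

# Demo on the constructed sample; on the live box use:
#   sockstat -4 | stuck_prefixes 20
sample_sockstat | stuck_prefixes 2
```
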