Re: Tarpit "User unknown in local recipient table"?

From: mouss (usebsdfree.fr)
Date: Sun Jul 02 2006 - 07:06:26 CDT


Adhamh Findlay wrote:
> Greetings,
>
> For lack of a better description it seems that I am being the victim of a
> spam dictionary attack. It's not a DOS situation, but I am getting messages
> to unknown users at a rate of at least once a minute. The messages are
> coming from different servers, but there seems to be a set of servers
> sending these emails out.
>
> For example if I grep my mail log file "marcell", I find one message a day
> to some user that has the "marcell" string in the user name. If I then grep
> the log file for one of the IP addresses that sent such a message I get
> anywhere from 1 to 736 hits, so sometimes the same machine is doing this but
> not always.
>
>
As Sandy said, this is more probably a joe job attack. Addresses from
your domains are used as sender in spam/virus/whatever mail, and the
recipient domain is misconfigured, and does backscatter. There are
unfortunately many broken sites.

What you can do is add a trap address and make some or all of these
"unknown" addresses virtual aliases for this trap. Then look at the mail
to see if it is really backscatter. If so, report them to spamcops.
Depending on the situation, you may also complain to the abuse contact
and to whois contacts of the misconfigured clients.
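
One way to do the "look at the mail to see if it is really backscatter" step on messages collected in the trap mailbox, as an added example that is not part of the original post. The function name `classify`, the two-signal threshold and both sample messages are assumptions constructed for illustration; it also assumes the delivery agent records the envelope sender in `Return-Path`.

```python
import email
from email import policy

# Constructed samples of what could land in the trap mailbox (not from the thread).
BOUNCE = b"""Return-Path: <>
From: MAILER-DAEMON@mx.example.net
To: marcell99@example.org
Auto-Submitted: auto-replied
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net

--b1--
"""
SPAM = b"""Return-Path: <promo@bulk.example.com>
From: Deals <promo@bulk.example.com>
Content-Type: text/plain

Buy now.
"""

def classify(raw):
    """Return verdict, matched bounce signals and the reporting MTA for one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    signals = []
    if str(msg.get("Return-Path", "")).strip() == "<>":
        signals.append("null-sender")      # bounces carry the empty envelope sender
    sender = str(msg.get("From", "")).lower()
    if "mailer-daemon" in sender or "postmaster" in sender:
        signals.append("daemon-from")
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type", "") == "delivery-status"):
        signals.append("dsn-report")       # RFC 3464 delivery status notification
    if str(msg.get("Auto-Submitted", "no")).strip().lower() != "no":
        signals.append("auto-submitted")
    mta = None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status" and part.is_multipart():
            for block in part.get_payload():   # one Message per DSN header block
                if block["Reporting-MTA"]:
                    mta = str(block["Reporting-MTA"]).split(";")[-1].strip()
    # Assumed threshold: two independent signals before calling it backscatter.
    return {"verdict": "backscatter" if len(signals) >= 2 else "direct",
            "signals": signals, "reporting_mta": mta}
```

The `reporting_mta` value names the host that generated the bounce, which is the site to look up when writing to an abuse or whois contact.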