Re: [OT] dealing with dictionary and other repeated relay attempts
ric.gates at bigsleep.org
Wed Jan 28 18:02:21 EST 2004
On 28 Jan 2004 SikaSpam entered spamcop and left
news:1wimtxrvetn67.1vtaigukl2f4b.dlg at 40tude.net:
> Is there some reasonable way to deal with this?
> <alex at DOMAINNAME.com>, relay=[220.127.116.11], reject=550 5.7.1
> <alex at DOMAINNAME.com>... Access denied
> Robotic intelligence lets this thing keep trying over hours varying only
> the address it tries occasionally. Above I added it to access so sendmail
> refuses, but before then for hours it was answering "no such user" - I'm
> not even sure which is "better" since the bloody thing keeps trying
> anyway. The From (not shown) looks random.
That's probably from the MyDoom worm.
There's lots of things you can do, but nothing will stop it from trying.
It's already being blocked "Access denied".
Block the IP before it gets to the sendmail daemon, lots of ways to do this
- it depends on your OS.
At least add that IP to your access.db.
That IP is from abo.wanadoo.fr so it could be a spammer that's infected, or
it could be someone you know.
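
An added example, not part of the original post: one way to find which relays deserve an access.db entry is to tally rejected recipients per relay IP from the sendmail log and list only the relays that were refused repeatedly across several different addresses. The log lines are constructed samples in the check_rcpt reject format quoted above, and the function names and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's syslog reject format (documentation-range IPs).
SAMPLE_LOG = """\
Jan 28 12:00:01 mx sendmail[2101]: i0SH01a1002101: ruleset=check_rcpt, arg1=<alex@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <alex@example.com>... User unknown
Jan 28 12:07:44 mx sendmail[2140]: i0SH07a1002140: ruleset=check_rcpt, arg1=<bob@example.com>, relay=[192.0.2.10], reject=550 5.1.1 <bob@example.com>... User unknown
Jan 28 12:31:09 mx sendmail[2203]: i0SH31a1002203: ruleset=check_rcpt, arg1=<jsmith@example.com>, relay=mail.example.net [198.51.100.7], reject=550 5.1.1 <jsmith@example.com>... User unknown
Jan 28 14:02:30 mx sendmail[2410]: i0SJ02a1002410: ruleset=check_rcpt, arg1=<alex@example.com>, relay=[192.0.2.10], reject=550 5.7.1 <alex@example.com>... Access denied
Jan 28 14:40:12 mx sendmail[2466]: i0SJ40a1002466: ruleset=check_rcpt, arg1=<carol@example.com>, relay=[192.0.2.10], reject=550 5.7.1 <carol@example.com>... Access denied
Jan 28 14:41:00 mx sendmail[2470]: i0SJ41a1002470: from=<ann@example.org>, size=1204, nrcpts=1, relay=mail.example.org [203.0.113.5]
"""

# Recipient, bracketed relay IP (with or without a hostname in front), 5xx reject.
REJECT_RE = re.compile(
    r"arg1=<(?P<rcpt>[^>]*)>, relay=[^,]*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\][^,]*,"
    r" reject=5\d\d"
)


def dictionary_attack_relays(log_text, min_rejects=3, min_distinct=2):
    """Return {ip: (rejects, distinct_recipients)} for relays refused at least
    min_rejects times across at least min_distinct recipient addresses.
    A single mistyped address from a legitimate sender stays below both."""
    rcpts = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            rcpts[m.group("ip")].append(m.group("rcpt").lower())
    return {
        ip: (len(seen), len(set(seen)))
        for ip, seen in rcpts.items()
        if len(seen) >= min_rejects and len(set(seen)) >= min_distinct
    }


def access_entries(relays):
    """Format flagged relays as sendmail access map lines (Connect: tag)."""
    return [f"Connect:{ip}\tREJECT" for ip in sorted(relays)]


if __name__ == "__main__":
    flagged = dictionary_attack_relays(SAMPLE_LOG)
    for ip, (rejects, distinct) in flagged.items():
        print(f"# {ip}: {rejects} rejects, {distinct} distinct recipients")
    print("\n".join(access_entries(flagged)))
```

The printed lines go into the access source file, and the map has to be rebuilt with makemap before sendmail uses them.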