Mailing List SIMS@mail.stalker.com Message #12776
From: sascha <bleed@de-bug.de>
Subject: 2 problems
Date: Sun, 13 Apr 2003 17:19:14 +0200
To: <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.552)
hi there.

hope one of you can help

our mailserver receives an immense amount of harvest attack spam mails
that's terrible but until i changed our server to another faster computer two
days ago that brave little SIMS was able to handle a couple of 100.000 of
these on a bad day. strangely though since then instead of running more
smoothly i am getting lines like these once a day and the server refuses
to handle any more mail regardless whether incoming or outgoing.


00:06:35 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4540], seq=8316. 12/13
00:06:35 1 SMTP too many (250) lines already opened
00:06:35 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4541], seq=8317. 13/14
00:06:35 1 SMTP too many (250) lines already opened
00:06:35 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4542], seq=8318. 14/15
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4543], seq=8319. 15/0
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [218.2.140.236:2655], seq=8320. 0/1
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [218.2.140.236:2656], seq=8321. 1/2
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4545], seq=8322. 2/3
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4546], seq=8323. 3/4
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4547], seq=8324. 4/5
00:06:36 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4548], seq=8325. 5/6
00:06:37 1 SMTP too many (250) lines already opened
00:06:37 1 SMTP(tcp) Rejecting Connection from [80.6.165.162:4549], seq=8326. 6/7

i am pretty sure some of you have seen that before.
but what can i do against it?




and on another note has anyone else experienced this strange kind of
attack concerto via multiple IPs all within the range of 65.54.198.* - 65.54.171.* (microsoft
hotmail i suppose) and does anyone know whether these are real mailservers/
open relays or how this is actually done (got the whole network on my blacklist
since yesterday), and whether there is a better way to block this than just putting
the complete ip ranges in the blacklist.



well thanx in advance
sascha

00:00:23 1 SMTP-377([65.54.171.142]) SPAM? Host is in the Blacklist
00:00:24 1 SMTP-377([65.54.171.142]) SPAM? Recipient '<pfeffer@de-bug.de>' rejected: sending host is blacklisted
00:01:15 1 SMTP-385([65.54.171.95]) SPAM? Host is in the Blacklist
00:01:16 1 SMTP-385([65.54.171.95]) SPAM? Recipient '<pferd@de-bug.de>' rejected: sending host is blacklisted
00:01:22 1 SMTP-386([65.54.173.162]) SPAM? Host is in the Blacklist
00:01:23 1 SMTP-386([65.54.173.162]) SPAM? Recipient '<pfennig@de-bug.de>' rejected: sending host is blacklisted
00:01:37 1 SMTP-389([65.54.171.86]) SPAM? Host is in the Blacklist
00:01:38 1 SMTP-389([65.54.171.86]) SPAM? Recipient '<pferris@de-bug.de>' rejected: sending host is blacklisted
00:02:16 1 SMTP-395([65.54.171.137]) SPAM? Host is in the Blacklist
00:02:17 1 SMTP-395([65.54.171.137]) SPAM? Recipient '<pfh@de-bug.de>' rejected: sending host is blacklisted
00:02:54 1 SMTP-411([65.54.171.57]) SPAM? Host is in the Blacklist
00:02:55 1 SMTP-411([65.54.171.57]) SPAM? Recipient '<pfinch@de-bug.de>' rejected: sending host is blacklisted
00:02:56 1 SMTP-412([65.54.170.121]) SPAM? Host is in the Blacklist
00:02:57 1 SMTP-412([65.54.170.121]) SPAM? Recipient '<pfink@de-bug.de>' rejected: sending host is blacklisted
00:03:08 1 SMTP-413([65.54.171.100]) SPAM? Host is in the Blacklist
00:03:09 1 SMTP-413([65.54.171.100]) SPAM? Recipient '<pfinn@de-bug.de>' rejected: sending host is blacklisted
00:03:46 1 SMTP-418([65.54.171.174]) SPAM? Host is in the Blacklist
00:03:47 1 SMTP-418([65.54.171.174]) SPAM? Recipient '<pfk@de-bug.de>' rejected: sending host is blacklisted
00:04:25 1 SMTP-442([65.54.171.97]) SPAM? Host is in the Blacklist
00:04:26 1 SMTP-442([65.54.171.97]) SPAM? Recipient '<pfleury@de-bug.de>' rejected: sending host is blacklisted
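
Added example, not part of the original post and not SIMS code: a log triage sketch that counts refused connections per source IP and groups blacklist rejections by /24 to show when many hosts in one network are walking recipient names in near-alphabetical order, as in the excerpts above. The sample lines are constructed in the quoted log format, and the function names and thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

CONN_RE = re.compile(r"Rejecting Connection from \[(\d+(?:\.\d+){3}):\d+\]")
RCPT_RE = re.compile(
    r"SMTP-\d+\(\[(\d+(?:\.\d+){3})\]\) SPAM\? Recipient '<([^@>]+)@[^>]*>' rejected")

# Constructed sample in the two line formats quoted in the post
# (documentation IP ranges and example.org recipients, not real data).
SAMPLE_LOG = """\
00:06:35 1 SMTP(tcp) Rejecting Connection from [192.0.2.10:4540], seq=8316. 12/13
00:06:35 1 SMTP too many (250) lines already opened
00:06:36 1 SMTP(tcp) Rejecting Connection from [192.0.2.10:4541], seq=8317. 13/14
00:06:36 1 SMTP(tcp) Rejecting Connection from [203.0.113.7:2655], seq=8320. 0/1
00:00:24 1 SMTP-377([198.51.100.142]) SPAM? Recipient '<adams@example.org>' rejected: sending host is blacklisted
00:01:16 1 SMTP-385([198.51.100.95]) SPAM? Recipient '<adler@example.org>' rejected: sending host is blacklisted
00:01:23 1 SMTP-386([198.51.100.162]) SPAM? Recipient '<adkins@example.org>' rejected: sending host is blacklisted
00:01:38 1 SMTP-389([198.51.100.86]) SPAM? Recipient '<ahmed@example.org>' rejected: sending host is blacklisted
00:02:17 1 SMTP-395([198.51.100.137]) SPAM? Recipient '<aiken@example.org>' rejected: sending host is blacklisted
"""

def parse(log):
    """Return ({ip: refused connections}, [(ip, local_part), ...])."""
    conn, rcpt = defaultdict(int), []
    for line in log.splitlines():
        if m := CONN_RE.search(line):
            conn[m.group(1)] += 1
        elif m := RCPT_RE.search(line):
            rcpt.append((m.group(1), m.group(2).lower()))
    return dict(conn), rcpt

def harvest_report(rcpt, prefix=24, min_rcpts=4, min_sorted=0.7):
    """Group rejected recipients by source network; thresholds are assumptions."""
    nets = defaultdict(lambda: {"hosts": set(), "rcpts": []})
    for ip, local in rcpt:
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        nets[net]["hosts"].add(ip)
        nets[net]["rcpts"].append(local)
    report = {}
    for net, d in nets.items():
        pairs = list(zip(d["rcpts"], d["rcpts"][1:]))
        # Share of consecutive recipients in alphabetical order (dictionary walk).
        ordered = sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0
        distinct = len(set(d["rcpts"]))
        report[net] = {"hosts": len(d["hosts"]), "distinct_rcpts": distinct,
                       "sorted_ratio": round(ordered, 2),
                       "harvest": distinct >= min_rcpts and ordered >= min_sorted}
    return report
```

Calling `harvest_report(parse(log_text)[1])` on a day's log gives one row per source network, which helps decide whether a range-wide block is justified or only a few hosts are involved.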
