We blocked these senders with a fantastic 550. The source IP addresses are dynamically allocated hence we think they are coming from exploited computers - located mainly in China, Korea and Taiwan.
Senders
* aaaaa@yahoo.com.tw
* z2007tw@yahoo.com.tw
Sample SMTP requests
[220.149.240.9][32496380] rsp: 220 mail.elohkcalb.com
[220.149.240.9][32496380] connected at 6/24/2010 6:31:44 PM
[220.149.240.9][32496380] cmd: EHLO aaaaaa.com
[220.149.240.9][32496380] rsp: 250-mail.elohkcalb.com Hello [220.149.240.9] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK
[220.149.240.9][32496380] cmd: MAIL FROM:aaaaa@yahoo.com.tw SIZE=2679 [220.149.240.9][32496380] rsp: 550 Sender is not allowed.
[220.149.240.9][32496380] disconnected at 6/24/2010 6:31:45 PM
[114.45.53.25][47409299] rsp: 220 mail.elohkcalb.com
[114.45.53.25][47409299] connected at 6/25/2010 8:34:45 AM
[114.45.53.25][47409299] cmd: HELO 114.45.53.25
[114.45.53.25][47409299] rsp: 250 mail.elohkcalb.com Hello [114.45.53.25]
[114.45.53.25][47409299] cmd: MAIL FROM: z2007tw@yahoo.com.tw
[114.45.53.25][47409299] rsp: 550 Sender is not allowed.
[114.45.53.25][47409299] disconnected at 6/25/2010 8:34:45 AM
No comments:
Post a Comment