Having seen fairly heavy loading on our mail server today, I decided to see what might be going on. Is anyone else seeing concerted bombing from tcsender@<a couple of addresses> where the relayhost covers many hosts? I have attached a tiny bit of today's mail syslog contents below to illustrate. Approximately one third of our email traffic today has come from this. I am going to be blocking a number of the ip's at our router, due to the heavy load this is causing us. Is anyone else having to handle this nonsense (tcsender specifically) or should I be looking for someone attacking us? Thx, dennis Nov 4 04:05:48 bconnex.net sendmail[4697]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:05:48 bconnex.net sendmail[4697]: EAA04697: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@astra.genghis.com [205.139.15.34] Nov 4 04:05:54 bconnex.net sendmail[4698]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:05:54 bconnex.net sendmail[4698]: EAA04698: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=root@busche.com [206.83.162.16] Nov 4 04:05:57 bconnex.net sendmail[4703]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:05:57 bconnex.net sendmail[4703]: EAA04703: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=root@www.fredrick.com [209.113.166.92] Nov 4 04:06:04 bconnex.net sendmail[4705]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:06:04 bconnex.net sendmail[4705]: EAA04705: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=bay.wiznet.ca [207.139.40.1] Nov 4 04:06:08 bconnex.net sendmail[4712]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:08 bconnex.net sendmail[4712]: EAA04712: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@[204.254.231.160] Nov 4 04:06:22 bconnex.net sendmail[4723]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:22 bconnex.net sendmail[4723]: EAA04723: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@linked.net [209.24.1.201] Nov 4 04:06:27 bconnex.net sendmail[4731]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:06:27 bconnex.net sendmail[4731]: EAA04731: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=emke.com [204.152.178.10] Nov 4 04:06:43 bconnex.net sendmail[4758]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:43 bconnex.net sendmail[4758]: EAA04758: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=adzone.com [205.147.5.1] Nov 4 04:06:50 bconnex.net sendmail[4776]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:50 bconnex.net sendmail[4776]: EAA04776: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[209.63.20.193] Nov 4 04:07:12 bconnex.net sendmail[4800]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:07:12 bconnex.net sendmail[4800]: EAA04800: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=mercury.webserve.net [206.96.226.5] Nov 4 04:07:13 bconnex.net sendmail[4802]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:07:13 bconnex.net sendmail[4802]: EAA04802: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@server3.homecom.com [204.198.149.6] Nov 4 04:07:16 bconnex.net sendmail[4804]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:07:16 bconnex.net sendmail[4804]: EAA04804: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=metallus.ias.net [206.214.209.8] Nov 4 04:07:23 bconnex.net sendmail[4808]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:07:23 bconnex.net sendmail[4808]: EAA04808: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=france-travel.com [192.41.4.181] Nov 4 04:08:04 bconnex.net sendmail[4852]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:08:04 bconnex.net sendmail[4852]: EAA04852: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=fox.plaza.nl [195.108.180.1] Nov 4 04:08:05 bconnex.net sendmail[4858]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:08:05 bconnex.net sendmail[4858]: EAA04858: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=dnai.com [140.174.162.28] Nov 4 04:08:17 bconnex.net sendmail[4865]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:08:17 bconnex.net sendmail[4865]: EAA04865: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=virtual.icanect.net [208.202.14.126] Nov 4 04:08:45 bconnex.net sendmail[4881]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:08:45 bconnex.net sendmail[4881]: EAA04881: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=100t.lauderdale.net [207.141.140.10] Nov 4 04:09:09 bconnex.net sendmail[4895]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:09 bconnex.net sendmail[4895]: EAA04895: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=fred.ic2do.com [38.218.186.11] Nov 4 04:09:14 bconnex.net sendmail[4902]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:09:14 bconnex.net sendmail[4902]: EAA04902: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=ch.promega.com [198.150.28.10] Nov 4 04:09:15 bconnex.net sendmail[4905]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:09:15 bconnex.net sendmail[4905]: EAA04905: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@ns.falconsoft.com [206.112.39.112] Nov 4 04:09:28 bconnex.net sendmail[4916]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:28 bconnex.net sendmail[4916]: EAA04916: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@web12.ntx.net [209.1.144.158] Nov 4 04:09:45 bconnex.net sendmail[4928]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:45 bconnex.net sendmail[4928]: EAA04928: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@realbeer.com [204.152.97.15] Nov 4 04:09:45 bconnex.net sendmail[4929]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:45 bconnex.net sendmail[4929]: EAA04929: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=gost3.indirect.com [165.247.198.3] Nov 4 04:09:46 bconnex.net sendmail[4930]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:46 bconnex.net sendmail[4930]: EAA04930: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[205.217.137.150] Nov 4 04:09:54 bconnex.net sendmail[4936]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:09:54 bconnex.net sendmail[4936]: EAA04936: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@jab1.roc.servtech.com [204.181.4.152] Nov 4 04:10:31 bconnex.net sendmail[4956]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:10:31 bconnex.net sendmail[4956]: EAA04956: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=wcc.wcc.net [208.6.232.10] Nov 4 04:10:45 bconnex.net sendmail[4972]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:10:45 bconnex.net sendmail[4972]: EAA04972: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@vp2.netgate.net [204.145.147.60] Nov 4 04:10:48 bconnex.net sendmail[4974]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:10:48 bconnex.net sendmail[4974]: EAA04974: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@kitchen.virtual-cafe.com 3] Nov 4 04:10:58 bconnex.net sendmail[4980]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:10:58 bconnex.net sendmail[4980]: EAA04980: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[151.196.85.2] Nov 4 04:11:04 bconnex.net sendmail[4985]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:11:04 bconnex.net sendmail[4985]: EAA04985: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=www.fixation.com [206.144.185.101] Nov 4 04:11:06 bconnex.net sendmail[4991]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:11:06 bconnex.net sendmail[4991]: EAA04991: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=SMTP, relay=ns2.kalamazoo.net [206.31.33.2] Nov 4 04:11:26 bconnex.net sendmail[5016]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:11:26 bconnex.net sendmail[5016]: EAA05016: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=fox.plaza.nl [195.108.180.1] Nov 4 04:12:07 bconnex.net sendmail[5042]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:12:07 bconnex.net sendmail[5042]: EAA05042: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[151.196.88.4] Nov 4 04:12:08 bconnex.net sendmail[5043]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:12:08 bconnex.net sendmail[5043]: EAA05043: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=yakko.x-statik.com [198.68.248.2] Nov 4 04:12:13 bconnex.net sendmail[5046]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:12:13 bconnex.net sendmail[5046]: EAA05046: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@[140.174.206.23]
Dennis Simpson wrote: # Is anyone else seeing concerted bombing from tcsender@<a # couple of addresses> where the relayhost covers many hosts? We saw 26 of them today. A mis-configured spoofer showed what may be the true sender: from=<tcsender@get-more-hits.com.online-marketing.com> relay=root@mustang.detroit.usweb.com [207.17.162.28] At least one of the messages contained this USPS address: EVA, Inc. 43 Riverside Ave. Suite 72 Medford, MA 02155 USA Here's what we received (US/Central time): 02:10:37 relay=root@zeus.total-access.net [209.60.65.3] 02:14:18 relay=[204.101.235.67] (may be forged) 02:17:16 relay=gost3.indirect.com [165.247.198.3] 02:24:06 relay=www.unitedmedia.com [207.121.184.84] 02:33:10 relay=fivepoints.com [38.229.187.2] 02:34:14 relay=[206.10.45.200] (may be forged) 02:37:30 relay=fujipub.com [192.41.4.169] 02:39:53 relay=root@astra.genghis.com [205.139.15.34] 02:46:02 relay=root@enteract.com [206.54.252.1] 02:54:42 relay=100t.lauderdale.net [207.141.140.10] 03:12:57 relay=ns1.vie.com [205.214.55.3] 03:15:57 relay=[207.213.148.64] (may be forged) 03:18:07 relay=gateway.foliage.com [209.61.70.2] 03:18:43 relay=root@realbeer.com [204.152.97.15] 03:35:53 relay=boulevards.boulevards.com [204.162.28.70] 03:36:57 relay=amyda.foe.co.uk [193.114.240.82] 03:37:46 relay=root@gemini.speakeasy.org [199.238.226.62] 03:37:49 relay=france-travel.com [192.41.4.181] 03:38:08 relay=root@linked.net [209.24.1.201] 03:38:38 relay=money.fsonline.com [199.171.21.101] 03:39:49 relay=root@linked.net [209.24.1.201] 03:40:48 relay=cyberhost3.com [192.41.31.40] 03:45:00 relay=root@mustang.detroit.usweb.com [207.17.162.28] 03:48:58 relay=root@ns.shelbynet.net [206.246.132.10] 03:49:43 relay=mail@gate.imall.com [207.173.184.8] 03:52:23 relay=mail.devontax.com [204.57.91.69] Bob -- ====================================================================== bob izenberg signet network operations +1 (512) 306-0700 bei@sig.net ======================================================================
On Tuesday November 4, 1997, Dennis Simpson <dennis@bconnex.net> had this to say about "tcsender email bombing":
Having seen fairly heavy loading on our mail server today, I decided to see what might be going on.
Is anyone else seeing concerted bombing from tcsender@<a couple of addresses> where the relayhost covers many hosts? I have attached a tiny bit of today's mail syslog contents below to illustrate.
Yes...2741 entries in my maillog since 11:00pm yesterday...but our mailserver barely hiccuped and I wouldn't have noticed for a day or two unless I came across your post. What prompted you to go looking?
Approximately one third of our email traffic today has come from this. I am going to be blocking a number of the ip's at our router, due to the heavy load this is causing us. Is anyone else having to handle this nonsense (tcsender specifically) or should I be looking for someone attacking us?
You may want to change your 451 errors into 571 errors at least for this particular domain. From RFC1893: X.7.1 Delivery not authorized, message refused The sender is not authorized to send to the destination. This can be the result of per-host or per-recipient filtering. This memo does not discuss the merits of any such filtering, but provides a mechanism to report such. This is useful only as a permanent error.
Thx, dennis
Nov 4 04:05:48 bconnex.net sendmail[4697]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:05:48 bconnex.net sendmail[4697]: EAA04697: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@astra.genghis.com [205.139.15.34] Nov 4 04:05:54 bconnex.net sendmail[4698]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:05:54 bconnex.net sendmail[4698]: EAA04698: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=root@busche.com [206.83.162.16] Nov 4 04:05:57 bconnex.net sendmail[4703]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:05:57 bconnex.net sendmail[4703]: EAA04703: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=root@www.fredrick.com [209.113.166.92] Nov 4 04:06:04 bconnex.net sendmail[4705]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:06:04 bconnex.net sendmail[4705]: EAA04705: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=bay.wiznet.ca [207.139.40.1] Nov 4 04:06:08 bconnex.net sendmail[4712]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:08 bconnex.net sendmail[4712]: EAA04712: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@[204.254.231.160] Nov 4 04:06:22 bconnex.net sendmail[4723]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:22 bconnex.net sendmail[4723]: EAA04723: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@linked.net [209.24.1.201] Nov 4 04:06:27 bconnex.net sendmail[4731]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:06:27 bconnex.net sendmail[4731]: EAA04731: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=emke.com [204.152.178.10] Nov 4 04:06:43 bconnex.net sendmail[4758]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:43 bconnex.net sendmail[4758]: EAA04758: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=adzone.com [205.147.5.1] Nov 4 04:06:50 bconnex.net sendmail[4776]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:06:50 bconnex.net sendmail[4776]: EAA04776: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[209.63.20.193] Nov 4 04:07:12 bconnex.net sendmail[4800]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:07:12 bconnex.net sendmail[4800]: EAA04800: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=mercury.webserve.net [206.96.226.5] Nov 4 04:07:13 bconnex.net sendmail[4802]: Ruleset check_mail (<tcsender@need-hits.com>) rejection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:07:13 bconnex.net sendmail[4802]: EAA04802: from=<tcsender@need-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@server3.homecom.com [204.198.149.6] Nov 4 04:07:16 bconnex.net sendmail[4804]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:07:16 bconnex.net sendmail[4804]: EAA04804: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=metallus.ias.net [206.214.209.8] Nov 4 04:07:23 bconnex.net sendmail[4808]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:07:23 bconnex.net sendmail[4808]: EAA04808: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=france-travel.com [192.41.4.181] Nov 4 04:08:04 bconnex.net sendmail[4852]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:08:04 bconnex.net sendmail[4852]: EAA04852: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=fox.plaza.nl [195.108.180.1] Nov 4 04:08:05 bconnex.net sendmail[4858]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:08:05 bconnex.net sendmail[4858]: EAA04858: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=dnai.com [140.174.162.28] Nov 4 04:08:17 bconnex.net sendmail[4865]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:08:17 bconnex.net sendmail[4865]: EAA04865: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=virtual.icanect.net [208.202.14.126] Nov 4 04:08:45 bconnex.net sendmail[4881]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:08:45 bconnex.net sendmail[4881]: EAA04881: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=100t.lauderdale.net [207.141.140.10] Nov 4 04:09:09 bconnex.net sendmail[4895]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:09 bconnex.net sendmail[4895]: EAA04895: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=fred.ic2do.com [38.218.186.11] Nov 4 04:09:14 bconnex.net sendmail[4902]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:09:14 bconnex.net sendmail[4902]: EAA04902: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=ch.promega.com [198.150.28.10] Nov 4 04:09:15 bconnex.net sendmail[4905]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:09:15 bconnex.net sendmail[4905]: EAA04905: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@ns.falconsoft.com [206.112.39.112] Nov 4 04:09:28 bconnex.net sendmail[4916]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:28 bconnex.net sendmail[4916]: EAA04916: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@web12.ntx.net [209.1.144.158] Nov 4 04:09:45 bconnex.net sendmail[4928]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:45 bconnex.net sendmail[4928]: EAA04928: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@realbeer.com [204.152.97.15] Nov 4 04:09:45 bconnex.net sendmail[4929]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:45 bconnex.net sendmail[4929]: EAA04929: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=gost3.indirect.com [165.247.198.3] Nov 4 04:09:46 bconnex.net sendmail[4930]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:09:46 bconnex.net sendmail[4930]: EAA04930: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[205.217.137.150] Nov 4 04:09:54 bconnex.net sendmail[4936]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:09:54 bconnex.net sendmail[4936]: EAA04936: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@jab1.roc.servtech.com [204.181.4.152] Nov 4 04:10:31 bconnex.net sendmail[4956]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:10:31 bconnex.net sendmail[4956]: EAA04956: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=wcc.wcc.net [208.6.232.10] Nov 4 04:10:45 bconnex.net sendmail[4972]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:10:45 bconnex.net sendmail[4972]: EAA04972: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@vp2.netgate.net [204.145.147.60] Nov 4 04:10:48 bconnex.net sendmail[4974]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:10:48 bconnex.net sendmail[4974]: EAA04974: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@kitchen.virtual-cafe.com 3] Nov 4 04:10:58 bconnex.net sendmail[4980]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:10:58 bconnex.net sendmail[4980]: EAA04980: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[151.196.85.2] Nov 4 04:11:04 bconnex.net sendmail[4985]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:11:04 bconnex.net sendmail[4985]: EAA04985: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=www.fixation.com [206.144.185.101] Nov 4 04:11:06 bconnex.net sendmail[4991]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:11:06 bconnex.net sendmail[4991]: EAA04991: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=SMTP, relay=ns2.kalamazoo.net [206.31.33.2] Nov 4 04:11:26 bconnex.net sendmail[5016]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:11:26 bconnex.net sendmail[5016]: EAA05016: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=fox.plaza.nl [195.108.180.1] Nov 4 04:12:07 bconnex.net sendmail[5042]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:12:07 bconnex.net sendmail[5042]: EAA05042: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[151.196.88.4] Nov 4 04:12:08 bconnex.net sendmail[5043]: Ruleset check_mail ) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve Nov 4 04:12:08 bconnex.net sendmail[5043]: EAA05043: from=<tcsender@get-more-hits.com>, e=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=yakko.x-statik.com [198.68.248.2] Nov 4 04:12:13 bconnex.net sendmail[5046]: Ruleset check_mail (<tcsender@need-hits.com>) jection: 451 <tcsender@need-hits.com>... Domain must resolve Nov 4 04:12:13 bconnex.net sendmail[5046]: EAA05046: from=<tcsender@need-hits.com>, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@[140.174.206.23]
-- John-David Childs (JC612) Enterprise Internet Solutions System Administrator @denver.net/Internet-Coach/@ronan.net & Network Engineer 1031 S. Parker Rd. #I-8 Denver, CO 80231 As of this^H^H^H^H next week, passwords will be entered in Morse code.
On Tue, 4 Nov 1997, John-David Childs wrote:
You may want to change your 451 errors into 571 errors at least for this particular domain. From RFC1893:
Yep...changing those transient error codes into permenant ones will severely discourage compliant MTA's. I got a few dozen attempts from this one...but not enough that I'd have noticed it over the other hundreds. Nov 4 05:34:55 yoda sendmail[18159]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 518 <tcsender@get-more-hits.com>... unresolvable host name, check your configuration. Nov 4 05:34:55 yoda sendmail[18159]: FAA18159: from=<tcsender@get-more-hits.com>, size=0, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=root@linked.net [209.24.1.201] ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
On Tue, 4 Nov 1997, John-David Childs wrote:
You may want to change your 451 errors into 571 errors at least for this particular domain. From RFC1893:
Nov 4 04:05:48 bconnex.net sendmail[4697]: Ruleset check_mail (<tcsender@get-more-hits.com>) rejection: 451 <tcsender@get-more-hits.com>... Domain must resolve
The usual reason cited for using 4xx errors instead of 5xx errors in this case is that DNS failures can be transient. Bradley
participants (5)
-
Bob Izenberg -
Bradley Dunn -
Dennis Simpson -
John-David Childs -
Jon Lewis