[Dshield] RE: SMTP problem

James C Slora Jr Jim.Slora at phra.com
Tue Oct 12 12:48:52 GMT 2004


On Mon, 11 Oct 2004 07:09:32 -0700 Mark Squire wrote

> I tailed /var/log/maillog (I have postfix), 
> and noticed a lot of these errors:
> 
> connect to mail2.saveinternet.net[69.42.112.4]: Connection timed out
 
Maybe this applies?

If you have a multistaged SMTP system - like a virus screener and a spam
screener and an SMTP server that pass mail to each other, and you
automatically send non-delivery reports for misaddressed email, and the
address verification stage comes after any other SMTP software you run, you
probably will see a lot of these.

A spammer sends junk mail from a fake domain (or a real domain that just
drops incoming SMTP connections) to humbolt at yourdomain harris at yourdomain
nguyen at yourdomain etc. The addresses that don't exist cause the address
checking stage to reject the message, which causes your in-house upstream
SMTP server to send a non-delivery report back to the sender. The sender
does not respond to your attempt to deliver the NDR, and your mail server
dutifully retries. Thus the more spam you reject, the more your server gets
tied up with futile connections to possibly fake spam sources.

Just an alternate guess.




More information about the list mailing list