On Wed, 15 Jun 2005, Dean Anderson wrote:
>
> What sort of mail volume do you handle? 2000-4000 attempts isn't a lot
> for a large volume domain handling millions of messages per day.

About 250K legit messages each day, and about a million junk messages.
Yes, it isn't a very large proportion of our total volume, but I would
expect that to change rapidly if the probes were successful.

> You said it is more prevalent on hosts named mail or smtp---one would at
> minimum need a list of domains to search. Where do you suppose they
> obtained this list?

Where do you suppose they get lists of email addresses to send spam to?

> Who is doing this searching? Internal viruses?

The probes are external, and appear to be mostly from compromised home
computers. Our network is reasonably well managed and infections are
quashed promptly.

> What sort of commercial companies are abusing your open relays?

You misunderstand: We don't operate open relays, but despite your claims
about the rareness of open relay abuse, our email servers are frequently
probed with open relay attacks. I believe you are depending on security
through obscurity to avoid attack. One of our main outgoing relay services
has an obscure name (ppsw.cam.ac.uk) and is probed 100 times less
frequently than our MXs or our MSA service named smtp.hermes.cam.ac.uk.

> You also haven't shown that the abusers would be prevented from emailing
> if open relays were closed.

That's irrelevant: it's still my responsibility not to abet them.

Tony.
-- 
f.a.n.finch <dot@xxxxxxxx> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.