bombarded security smtp + abuse checker

Discussions on webmail and the Professional version.
Post Reply

bombarded security smtp + abuse checker

Post by » Mon Jul 22, 2002 9:41 am

Hey reading through my logs I found
that there are people scanning my system for email addresses...
so they can spam me...
in the log it says
Local delevery for [smtp:] is locally serviced ,but reciepant is not defined in address map.
and it repeats this like a thousands of times with different email addresses that are not users on my system.
and sometimes the email address seem to be valid ones... and the message changes it "is local" instead of is locally serivced...
these logs to not include the ip address off the offender so i have
no way to stop them...
is this a spammer brute forcing his way into finding all the email addresses on my site???
this is most annoying because the logs were filling up my system
and i dont want to waste time reading logs everyday...

Could you create something that would be an abuse checker????
something that would look at the logs and determine if someone is bulk scanning for mailbox accounts and shut down the requesting system or give the admin the right to deny the offending system on a abuse screen?

for example have an abuse screen, and on that screen do an analisys of the logs, if a system has tried to do something that your log analyser determines is "bad" it marks them on the abuse page with a reason...
then the admin can go and turn off there access to the system...
if you dicided to do this mabye you could write some scripts that would
update router access lists.. so that the offending system couldnt even contact the mail server anymore...


Site Admin
Posts: 841
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Post by Admin » Tue Jul 23, 2002 3:29 pm

Definitely something like this we would like to implement. It's on our big TODO list, so maybe some time in the future we can add this.

Post Reply