[Mimedefang] Anyone seen LOTS of "HELO" IPs lacking brackets today?

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Nov 10 17:47:32 EST 2006


Cormack, Ken wrote:

> [snip]
>As you can see, I have turned off the actual rejection, since this caused
>LOTS of problems just beginning today!  I'm still logging the info, so that
>come next week I can see what correlation there might be between the IP
>addresses that get logged, and if there's a common SMTP package they all run
>(that might have been auto-updated last night), or whatever, that might
>reveal why dozens of our regular customers all suddenly today were rejected
>for a rule that has been in place for a long time.
>
>Am I the only one A) doing this type of test, or B) seeing this sudden
>problem?  I normally see ~200 to ~300 rejections per day from this rule.
>Today, the log of my primary server alone contains several thousands of
>hits.
>
>Ken


Try to sample a stream from such an offender with tcpdump or
ethereal, and see if you can pull out information about the mail
agent being used.

I doubt it's bugid 279525 in Thunderbird.

-Philip
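The log correlation Ken describes, sketched as an added example that is not part of the original thread or of anyone's MIMEDefang filter: it classifies HELO arguments against the SMTP address-literal syntax (RFC 5321, where an IP must appear as `[192.0.2.1]` or `[IPv6:...]`) and counts bare-IP hits per relay. The `relay=... helo=...` log format and all sample addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a made-up "relay=<ip> helo=<arg>" format (assumption).
SAMPLE_LOG = """\
relay=192.0.2.10 helo=192.0.2.10
relay=192.0.2.10 helo=192.0.2.10
relay=198.51.100.7 helo=[198.51.100.7]
relay=203.0.113.5 helo=mail.example.org
relay=203.0.113.9 helo=[IPv6:2001:db8::1]
relay=203.0.113.20 helo=2001:db8::2
"""

LINE_RE = re.compile(r"relay=(\S+)\s+helo=(\S+)")


def _is_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_helo(arg):
    """Return 'literal', 'malformed-literal', 'bare-ip' or 'name'."""
    if arg.startswith("[") and arg.endswith("]"):
        inner = arg[1:-1]
        # The "IPv6:" tag of an IPv6 address literal is stripped if present.
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        return "literal" if _is_ip(inner) else "malformed-literal"
    # An unbracketed IP is what the rule in this thread fires on.
    return "bare-ip" if _is_ip(arg) else "name"


def bare_ip_hits(log_text):
    """Count HELO arguments that are bare IPs, keyed by relay address."""
    hits = Counter()
    for match in LINE_RE.finditer(log_text):
        relay, helo = match.groups()
        if classify_helo(helo) == "bare-ip":
            hits[relay] += 1
    return hits


if __name__ == "__main__":
    for relay, count in bare_ip_hits(SAMPLE_LOG).most_common():
        print(relay, count)
```
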




