From: Ralf Hildebrandt (no email)
Date: Sun Oct 02 2005 - 03:25:02 EDT
* Len Conrad <>:
>
> One of my clients IMGate/postfix boxes, which does inbound-only MX
> work, has been tarpitted by numerous IPs in these Class Cs:
>
> The Class C are:
>
> 204.9.240
> 204.9.241
> 204.9.242
> 204.9.243
> 204.9.244
> 204.9.245
> 204.9.246
> 204.9.247
>
> which are also found here:
>
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21043
>
> afaics, when postfix smtp SAV calls those IPs, the smtp session is
> held by the other end indefinitely, some kind of heart-beat that
> keeps postfix smtp from timing out.
>
> mx1# sockstat -4 | egrep -ic "smtp .*204.9.24"
> 201
>
> mx1# sockstat -4 | egrep -i "smtp .*204.9.24" | less
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> postfix smtp 4449 12 tcp4 69.43.139.225:3790 204.9.247.4:25
The smtp processes should eventually time out.
But what do they do to keep the session from timing out?
-- Ralf Hildebrandt () http://www.postfix-book.com/ Tel. +49 (0)30-450 570-155 When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, for free'
|
|
|