|
Jerry,This wouldn't be a DOS attack, rather just a rash of SPAM. We see this sort of thing a lot in our Barracuda SPAM firewall logs. That thing hangs it's backside out on the Internet and gets beat on every second of every day. (It's blocked 41 MILLION pieces of spam in the last year!) In the Domino logs we see this same message you get for each attempt to send in a piece of mail as Domino says 'No such person'. So basically things are working normally. One thing you can do (and I have done this for a few) is to tell either Domino or in your case symantec to deny connections from that servers IP address. Usually a few seconds after that the hits stop entirely as they can't get in. Watch carefully though as they may change their source IP once they see the connections fail. In that case I have blocked entire class "C" address ranges. (We get very very very very VERY few legitimate emails from china :-)
- Larry GKern@xxxxxxxxxxxxxxxx wrote:
Our domino server is getting hammered with what appears to be DOS attack (and it's handling it very well BTW).I found miscellaneous events logs being generated every minute and mostly full of the same message: 10/13/2005 14:44:19 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory. 10/13/2005 14:44:19 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory. 10/13/2005 14:44:20 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory. 10/13/2005 14:44:20 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory.This has been going on since around 1am on 11/11.Doing a whois on fcep.net (identified by symantec secure mail for smtp) shows fcep.net as an electricy provider in China, who IMHO has been hacked and doesn't know they're being used as a spam relay.Or I could be entirely wrong since I've not had any experience with anything like this.Comments anyone? Regards, Jerry Gerald Kern MIS Project Leader, Lotus Notes/Domino Administrator IBM Certified RPG IV Developer, RPG IV Programmer The Toledo Clinic, Inc. 4235 Secor Road Toledo, OH 43623-4299 Phone 419-479-5535 gkern@xxxxxxxxxxxxxxxx
Larry Bolhuis IBM eServer Certified Systems Expert: Vice President iSeries Technical Solutions V5R3 Arbor Solutions, Inc. iSeries LPAR Technical Solutions V5R3 1345 Monroe NW Suite 259 iSeries Linux Technical Solutions V5R3Grand Rapids, MI 49505 iSeries Windows Integration Technical Solutions V5R3
midrange.com
IBM eServer Certified Systems Specialist
(616) 451-2500 iSeries System Administrator for
OS/400 V5R3
(616) 451-2571 - Fax AS/400 RPG IV Developer (616) 260-4746 - Cell iSeries System Command Operations V5R2If you can read this, thank a teacher....and since it's in English, thank a soldier.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
