Thread: Re: orbs in message status




New Zealand
2007-02-25 18:27:22

surgemail-listnetwinsite.com wrote:
> I am getting hammered by either a spammer or someone hijacking a domain name. In the Advanced status I am seeing the following:
>
>    220.75.109.40   8.7s 0.00   0   0     0k    9   Orbs
>   200.77.198.208   9.1s 0.00   0   0     0k    9   Orbs
>    207.44.246.51   9.4s 0.00   0   0     0k    9   Orbs
>      82.98.82.30   9.5s 0.00   0   0     0k    9   Orbs
>    222.90.16.105   9.8s 0.00   0   0     0k   10   Orbs
>   210.116.105.85  10.4s 0.00   0   0     0k   10   Orbs
>    63.116.109.19  10.5s 0.00   0   0     0k   11   Orbs
>     81.19.232.92  10.7s 0.00   0   0     0k   11   Orbs
>
> None of them appear to be coming from the same place. It's getting so bad real email is not getting in on a timely basis and I have users complaining that they can't connect either. Raising the max smtp limit only produces even more of these connects. I am seeing in the log something like this:
>
> 23 12:39:17[5615825] Changed 81.19.232.92 <> <Devrajlindwallone ofmydomains.com> 0 "[81.19.232.92] No such user (devrajlindwall) Cached lookup"
> 23 12:39:22[5615825] Rejected 81.19.232.92 <> <Devrajlindwalloneofmydomains.com> 0  "No such user (devrajlindwall) Cached lookup"
>
> I just put in an SPF record for this domain thinking that perhaps all the connects are coming from legitimate mail servers that are getting junk my and they are checking to see if the user exists on our server, and hoping that will at least help the situation. The log mainly has this one domain name in it that has all the rejects with the <> as the sender email address.
>
> Does anyone have any clues on this one?
>
> Thanks!!
>


Yes if the rejects are all from <> then these are very likely bounces and an spf record will certainly help. Also if you connect back to the incoming servers:
	telnet 81.19.232.92 25
and you get a response from a mail server, again this implies these are not spam coming in but spam bounces.

If you wish to send us a full status and your surgemail.ini we can check there isn't something else causing a problem. If your dns lookups are sluggish or you have too many configured it may be making matters worse, but that's just one guess, we would know more after looking at the status.

-- 
When replying please quote original message to save time and always let us know what OS and version of SurgeMail you are using.

****************************************************************************
If you wish to communicate with other users and talk about SurgeMail and also get news about updates etc then join the SurgeMail List.
Send an email to surgemail-list-requestnetwinsite.com with only "subscribe" in the message body

FAQ - http://www.netwinsite.com/surgemail/help/faq.htm
****************************************************************************
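
The reply's test (rejects that all carry the null sender <> are very likely bounces) can be run over a log instead of judged by eye. The following Python sketch is an added example, not part of the original post and not SurgeMail code; the line layout is assumed from the two log lines quoted above, the sample lines are constructed, and the thresholds are hypothetical.

```python
import re
from collections import defaultdict

# Layout assumed from the two log lines quoted in the post:
#   day time[session] Action ip <sender> <recipient> size "reason"
LINE_RE = re.compile(
    r'^\d+ [\d:]+\[\d+\] (?P<action>\w+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) '
    r'<(?P<sender>[^>]*)> <(?P<rcpt>[^>]*)> \d+\s+"(?P<reason>.*)"\s*$'
)

# Constructed sample lines (documentation IP ranges and example.* domains).
SAMPLE_LOG = '''\
23 12:39:17[5615825] Changed 192.0.2.10 <> <devrajlindwall@example.com> 0  "[192.0.2.10] No such user (devrajlindwall) Cached lookup"
23 12:39:22[5615825] Rejected 192.0.2.10 <> <devrajlindwall@example.com> 0  "No such user (devrajlindwall) Cached lookup"
23 12:39:25[5615826] Rejected 198.51.100.7 <> <qwertyuser@example.com> 0  "No such user (qwertyuser) Cached lookup"
23 12:39:31[5615827] Rejected 203.0.113.45 <> <devrajlindwall@example.com> 0  "No such user (devrajlindwall) Cached lookup"
23 12:40:02[5615828] Rejected 198.51.100.99 <someone@example.net> <info@example.org> 0  "No such user (info) Cached lookup"
'''

def summarize_rejects(log_text, min_sources=3, min_null_share=0.9):
    """Per recipient domain: count rejects, null-sender rejects and source IPs."""
    stats = defaultdict(lambda: {"null": 0, "other": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m["action"] != "Rejected":
            continue  # a "Changed" line precedes the reject for the same session
        entry = stats[m["rcpt"].rpartition("@")[2].lower()]
        if m["sender"] == "":  # "<>" is the null sender that bounces use
            entry["null"] += 1
            entry["sources"].add(m["ip"])
        else:
            entry["other"] += 1
    report = {}
    for domain, e in stats.items():
        total = e["null"] + e["other"]
        report[domain] = {
            "null_rejects": e["null"],
            "other_rejects": e["other"],
            "distinct_sources": len(e["sources"]),
            # Heuristic chosen for this example, not a SurgeMail feature.
            "likely_backscatter": len(e["sources"]) >= min_sources
            and e["null"] / total >= min_null_share,
        }
    return report

if __name__ == "__main__":
    for domain, row in summarize_rejects(SAMPLE_LOG).items():
        print(domain, row)
```

A domain flagged here shows the pattern described in the thread: many unrelated servers delivering null-sender mail to nonexistent users at one domain.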


