
repeated attempts delivering mail to 'unknown user@samedomain'



hi,

in the last 3 days, one of our mx domains has been the target of the following (the real domain name replaced by DOMAIN.XX):

Feb  6 08:11:27 celery postfix/smtpd[11548]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <MULRVNHSVJM@DOMAIN.XX>: User unknown; from=<> to=<MULRVNHSVJM@DOMAIN.XX>
Feb  6 08:12:12 celery postfix/smtpd[11548]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <YOUVKLJM@DOMAIN.XX>: User unknown; from=<> to=<YOUVKLJM@DOMAIN.XX>
Feb  6 08:12:59 celery postfix/smtpd[11548]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <grdhadk@DOMAIN.XX>: User unknown; from=<> to=<grdhadk@DOMAIN.XX>
Feb  6 08:14:10 celery postfix/smtpd[11548]: reject: RCPT from newmx2.fast.net[209.92.1.32]: 550 <CZNTYD@DOMAIN.XX>: User unknown; from=<> to=<CZNTYD@DOMAIN.XX>
Feb  6 08:15:33 celery postfix/smtpd[11548]: reject: RCPT from unknown[65.38.170.150]: 550 <jxaea@DOMAIN.XX>: User unknown; from=<> to=<jxaea@DOMAIN.XX>
Feb  6 08:17:51 celery postfix/smtpd[11571]: reject: RCPT from ns1.webmediainc.net[66.234.10.181]: 550 <slhnalxug@DOMAIN.XX>: User unknown; from=<> to=<slhnalxug@DOMAIN.XX>
Feb  6 08:18:37 celery postfix/smtpd[11571]: reject: RCPT from ns2.v-manager.co.uk[81.29.66.101]: 550 <BCWYMJKCXOK@DOMAIN.XX>: User unknown; from=<> to=<BCWYMJKCXOK@DOMAIN.XX>
Feb  6 08:20:07 celery postfix/smtpd[11571]: reject: RCPT from gatekeeper2.bgu.ac.il[132.72.24.74]: 550 <vngklbqzgvukv@DOMAIN.XX>: User unknown; from=<> to=<vngklbqzgvukv@DOMAIN.XX>
Feb  6 08:24:58 celery postfix/smtpd[11596]: reject: RCPT from cmail.seanet.com[199.181.164.19]: 550 <xziyzwinvgsl@DOMAIN.XX>: User unknown; from=<> to=<xziyzwinvgsl@DOMAIN.XX>
Feb  6 08:31:35 celery postfix/smtpd[11596]: reject: RCPT from unknown[212.12.160.4]: 550 <cartqdctopc@DOMAIN.XX>: User unknown; from=<> to=<cartqdctopc@DOMAIN.XX>
Feb  6 08:35:42 celery postfix/smtpd[11647]: reject: RCPT from aomail4.emirates.net.ae[195.229.241.85]: 550 <wumke@DOMAIN.XX>: User unknown; from=<> to=<wumke@DOMAIN.XX>
Feb  6 08:36:06 celery postfix/smtpd[11647]: reject: RCPT from smtp2.pcspeed.com[63.231.199.4]: 550 <LKTDQLMKH@DOMAIN.XX>: User unknown; from=<> to=<LKTDQLMKH@DOMAIN.XX>
Feb  6 08:40:22 celery postfix/smtpd[11681]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <YGPMKRFQKBLDXE@DOMAIN.XX>: User unknown; from=<> to=<YGPMKRFQKBLDXE@DOMAIN.XX>
Feb  6 08:42:45 celery postfix/smtpd[11693]: reject: RCPT from unknown[209.67.219.114]: 550 <lkjitma@DOMAIN.XX>: User unknown; from=<> to=<lkjitma@DOMAIN.XX>
Feb  6 08:43:53 celery postfix/smtpd[11693]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <SPIUGIWVVYI@DOMAIN.XX>: User unknown; from=<> to=<SPIUGIWVVYI@DOMAIN.XX>
Feb  6 08:47:50 celery postfix/smtpd[11719]: reject: RCPT from cvxbsd.convex.com.br[200.152.177.10]: 550 <ndwbuxpovfpusx@DOMAIN.XX>: User unknown; from=<> to=<ndwbuxpovfpusx@DOMAIN.XX>
Feb  6 08:52:15 celery postfix/smtpd[11732]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <QFNKPADZOUSH@DOMAIN.XX>: User unknown; from=<> to=<QFNKPADZOUSH@DOMAIN.XX>
Feb  6 08:52:25 celery postfix/smtpd[11732]: reject: RCPT from shawidc-mo1.cg.shawcable.net[24.71.223.10]: 550 <ycyiyhdoun@DOMAIN.XX>: User unknown; from=<> to=<ycyiyhdoun@DOMAIN.XX>
Feb  6 08:58:10 celery postfix/smtpd[11751]: reject: RCPT from hrndva-mx-01.mgw.rr.com[24.28.204.20]: 550 <hefig@DOMAIN.XX>: User unknown; from=<> to=<hefig@DOMAIN.XX>
Feb  6 08:58:15 celery postfix/smtpd[11751]: reject: RCPT from hrndva-mx-01.mgw.rr.com[24.28.204.20]: 550 <hefig@DOMAIN.XX>: User unknown; from=<> to=<hefig@DOMAIN.XX>
Feb  6 08:58:21 celery postfix/smtpd[11751]: reject: RCPT from hrndva-mx-01.mgw.rr.com[24.28.204.20]: 550 <hefig@DOMAIN.XX>: User unknown; from=<> to=<hefig@DOMAIN.XX>
Feb  6 08:58:26 celery postfix/smtpd[11751]: reject: RCPT from hrndva-mx-01.mgw.rr.com[24.28.204.20]: 550 <hefig@DOMAIN.XX>: User unknown; from=<> to=<hefig@DOMAIN.XX>
Feb  6 08:58:30 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:58:31 celery postfix/smtpd[11751]: reject: RCPT from hrndva-mx-01.mgw.rr.com[24.28.204.20]: 550 <hefig@DOMAIN.XX>: User unknown; from=<> to=<hefig@DOMAIN.XX>
Feb  6 08:58:36 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:58:37 celery postfix/smtpd[11751]: reject: RCPT from hrndva-mx-01.mgw.rr.com[24.28.204.20]: 550 <hefig@DOMAIN.XX>: User unknown; from=<> to=<hefig@DOMAIN.XX>
Feb  6 08:58:42 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:58:47 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:58:53 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:58:58 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:59:04 celery postfix/smtpd[11767]: reject: RCPT from austtx-mx-04.mgw.rr.com[24.93.40.211]: 550 <YMPNOO@DOMAIN.XX>: User unknown; from=<> to=<YMPNOO@DOMAIN.XX>
Feb  6 08:59:58 celery postfix/smtpd[11751]: reject: RCPT from ns15.abergement.ch[213.242.101.144]: 550 <joivlekomi@DOMAIN.XX>: User unknown; from=<> to=<joivlekomi@DOMAIN.XX>

an explanation eludes me, so i would be glad if someone could explain why/how the same mx domain is the target of many different sources
- or is it a pico DDoS on the mailserver 8)

lars brun nielsen
-- 
expect neither good nor evil.
	- deal with it
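
An added triage example, not part of the original post: it parses Postfix `reject: RCPT` lines in the format quoted above and reports how many rejects carry the null sender (`from=<>`, the reverse-path SMTP uses for delivery status notifications), how many distinct clients and recipients are involved, and which clients are merely retrying the same recipient. The function name `summarize` and the sample log lines (documentation addresses and hostnames) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Postfix smtpd RCPT reject lines in the format shown in the post.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: reject: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) <(?P<rcpt>[^>]*)>: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<[^>]*>"
)

# Constructed sample input (not taken from the post).
SAMPLE = """\
Feb  6 08:11:27 mx1 postfix/smtpd[100]: reject: RCPT from relay-a.example.net[192.0.2.10]: 550 <qwxzrt@example.org>: User unknown; from=<> to=<qwxzrt@example.org>
Feb  6 08:12:12 mx1 postfix/smtpd[100]: reject: RCPT from relay-a.example.net[192.0.2.10]: 550 <LMNOPQ@example.org>: User unknown; from=<> to=<LMNOPQ@example.org>
Feb  6 08:13:00 mx1 postfix/smtpd[100]: connect from relay-a.example.net[192.0.2.10]
Feb  6 08:58:10 mx1 postfix/smtpd[101]: reject: RCPT from relay-b.example.net[198.51.100.7]: 550 <hjkl@example.org>: User unknown; from=<> to=<hjkl@example.org>
Feb  6 08:58:15 mx1 postfix/smtpd[101]: reject: RCPT from relay-b.example.net[198.51.100.7]: 550 <hjkl@example.org>: User unknown; from=<> to=<hjkl@example.org>
Feb  6 09:01:02 mx1 postfix/smtpd[102]: reject: RCPT from unknown[203.0.113.5]: 550 <zzzz@example.org>: User unknown; from=<someone@example.com> to=<zzzz@example.org>
"""

def summarize(log_text):
    """Summarize 'User unknown' rejects per client and by sender type."""
    clients = defaultdict(lambda: {"attempts": 0, "rcpts": set()})
    total = null_sender = 0
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m or m["reason"].strip() != "User unknown":
            continue  # skip connects, other reject reasons, unrelated lines
        total += 1
        null_sender += m["sender"] == ""  # empty reverse-path: a bounce/DSN
        entry = clients[m["ip"]]
        entry["attempts"] += 1
        entry["rcpts"].add(m["rcpt"].lower())
    # More attempts than distinct recipients means the client repeated itself.
    retrying = sorted(ip for ip, c in clients.items()
                      if c["attempts"] > len(c["rcpts"]))
    return {
        "rejects": total,
        "null_sender": null_sender,
        "clients": len(clients),
        "distinct_rcpts": len({r for c in clients.values() for r in c["rcpts"]}),
        "retrying_clients": retrying,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
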

