Huge number of swbell.net address probes - anybody else?
My host is being hit with a huge number of email address probes from swbell.net addresses. They are all like:
May 4 09:55:50 habanero postfix/smtpd: reject: RCPT from adsl-68-94-181-200.dsl.rcsntx.swbell.net[188.8.131.52]: 550 <nanette@[mydomain].com>: User unknown; from=<[email protected]> to=<nanette@[mydomain].com>
but the name in the "to" address changes each time. I guess they are just looking for valid email addresses. I've gotten about 4000 of these since Sunday. Anybody else? Short term I've blocked swbell.net for port 25 but I can't keep that around for long. I contacted their abuse department but have not heard back yet.
We get a huge amount of probs from Comcast/other broadband subscribers as well. Most likely SPAM scripts searching for an open relay. If you e-mail software is not running in open relay mode you should be fine.
Hope this helps,
The Maag Group - Intelligent IT Solutions • Colocation • Dedicated Servers • Server Administration • www.maaggroup.com • 877.622.4477