This morning, I took a look at my mail server logs to see if yesterday’s changes had caused any unexpected issues, and I’m happy to say that all appears well. I also took a few minutes to analyze the logs a little bit, and here’s what the past 20 hours has brought:
- In 1,202 minutes, 16,605 messages were attempted to be delivered to nonexistent accounts on my server, for a rate of one message every four and a half seconds.
- Those 16,605 messages were addressed to 915 unique (and still nonexistent!) email addresses.
- By far, the queso.com address bore the brunt of this, with 759 of the addresses living there; no other domain had more than 60 or 70 false attempts.
- The most popular fake email address is one that’s never existed, and doesn’t make much sense at all; it received 461 attempts. (The top 10 list is in the graphic to the right.)
- As you’d expect, generic “webmaster” email addresses are popular, accounting for 225 of the attempts across all the domains I host; “postmaster” and “mail” are a lot less popular than you’d think.
All in all, I’m glad to have made the configuration change, and my mail server seems to be operating under quite a bit less load as a result.
I suspect what happened is that when you were initially accepting mail for anything at your domains, a spammer ran a dictionary attack on a domain and recorded what was accepted and what wasn’t. Since you weren’t rejecting right off, everything passed, so they all got added to the database.
• Posted by: eric on Oct 20, 2006, 12:46 PM