Jerry,

This wouldn't be a DOS attack, rather just a rash of SPAM. We see this sort of thing a lot in our Barracuda SPAM firewall logs. That thing hangs its backside out on the Internet and gets beat on every second of every day. (It's blocked 41 MILLION pieces of spam in the last year!) In the Domino logs we see this same message you get for each attempt to send in a piece of mail as Domino says 'No such person'. So basically things are working normally. One thing you can do (and I have done this for a few) is to tell either Domino or in your case Symantec to deny connections from that server's IP address. Usually a few seconds after that the hits stop entirely as they can't get in. Watch carefully though as they may change their source IP once they see the connections fail. In that case I have blocked entire class "C" address ranges. (We get very very very very VERY few legitimate emails from China :-)
 - Larry

GKern@xxxxxxxxxxxxxxxx wrote:

Our Domino server is getting hammered with what appears to be a DOS attack (and it's handling it very well BTW).

I found miscellaneous events logs being generated every minute and mostly full of the same message:

10/13/2005 14:44:19 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory.
10/13/2005 14:44:19 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory.
10/13/2005 14:44:20 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory.
10/13/2005 14:44:20 SMTP Server: Mail for mail_security@xxxxxxxxxxxxxxxx rejected for policy reasons. Recipient could not be found in the Domino Directory.

This has been going on since around 1am on 11/11.
Doing a whois on fcep.net (identified by Symantec secure mail for smtp) shows fcep.net as an electricity provider in China, who IMHO has been hacked and doesn't know they're being used as a spam relay.

Or I could be entirely wrong since I've not had any experience with anything like this.

Comments anyone?

Regards, Jerry

Gerald Kern
MIS Project Leader, Lotus Notes/Domino Administrator
IBM Certified RPG IV Developer, RPG IV Programmer
The Toledo Clinic, Inc.
4235 Secor Road
Toledo, OH 43623-4299
Phone 419-479-5535
gkern@xxxxxxxxxxxxxxxx

Larry Bolhuis
Vice President
Arbor Solutions, Inc.
1345 Monroe NW Suite 259
Grand Rapids, MI 49505
(616) 451-2500
(616) 451-2571 - Fax
(616) 260-4746 - Cell

IBM eServer Certified Systems Expert:
  iSeries Technical Solutions V5R3
  iSeries LPAR Technical Solutions V5R3
  iSeries Linux Technical Solutions V5R3
  iSeries Windows Integration Technical Solutions V5R3
IBM eServer Certified Systems Specialist
  iSeries System Administrator for OS/400 V5R3
  AS/400 RPG IV Developer
  iSeries System Command Operations V5R2

If you can read this, thank a teacher....and since it's in English, thank a soldier.
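
An added example, not part of the original posts: a Python sketch that counts the "Recipient could not be found" rejections per minute from log lines in the format quoted above, and collapses a list of offending source addresses into deny entries, widening to a /24 (the class "C" range mentioned in the reply) only when several hosts in it were seen. The Domino lines in the thread carry no source address, so the address list is assumed to come from the SMTP gateway's connection log; the recipient domain, the addresses, the function names and the three-host threshold are all constructed for illustration, and the helper handles IPv4 only.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Rejection line format as quoted in the thread.
REJECT = re.compile(
    r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+SMTP Server: Mail for (\S+) "
    r"rejected for policy reasons\. Recipient could not be found"
)

def rejections_per_minute(log_text):
    """Count unknown-recipient rejections per (minute, recipient)."""
    counts = Counter()
    for stamp, rcpt in REJECT.findall(log_text):
        minute = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S").replace(second=0)
        counts[(minute, rcpt.lower())] += 1
    return counts

def block_candidates(source_ips, min_hosts=3):
    """Return deny entries: a /24 when at least min_hosts distinct
    addresses in it were seen, otherwise the individual addresses."""
    by_net = defaultdict(set)
    for ip in source_ips:
        addr = ipaddress.ip_address(ip)
        by_net[ipaddress.ip_network(f"{addr}/24", strict=False)].add(addr)
    entries = []
    for net, hosts in sorted(by_net.items()):
        if len(hosts) >= min_hosts:
            entries.append(str(net))
        else:
            entries.extend(str(h) for h in sorted(hosts))
    return entries

# Constructed sample log (example.com stands in for the redacted domain).
LINE = ("{} SMTP Server: Mail for mail_security@example.com rejected for policy "
        "reasons. Recipient could not be found in the Domino Directory.")
SAMPLE_LOG = "\n".join(LINE.format(t) for t in [
    "10/13/2005 14:44:19", "10/13/2005 14:44:19",
    "10/13/2005 14:44:20", "10/13/2005 14:44:20", "10/13/2005 14:45:01"])
# Constructed source addresses (documentation ranges), assumed gateway output.
SAMPLE_SOURCES = ["192.0.2.10", "192.0.2.11", "192.0.2.57", "198.51.100.7"]

if __name__ == "__main__":
    for (minute, rcpt), n in sorted(rejections_per_minute(SAMPLE_LOG).items()):
        print(minute, rcpt, n)
    print(block_candidates(SAMPLE_SOURCES))
```

Keeping the threshold above one means a single noisy host gets a single-address deny entry and does not take its whole range with it.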


