On Thu, Sep 20, 2012 at 2:31 PM, James B. Byrne byrnejb@harte-lyne.ca wrote:
The list of sources is far too long to include in a message to the list. Suffice to say that each IP address is automatically blocked for varying lengths of time following any failed attempt. What I am trying to discover is what in particular, if anything, caused this traffic to suddenly start hitting our external server and whether or not we should be concerned about a specific vulnerability.
Where does it fit with the MX preference number ordering? If it is a higher value (lower priority) the others should be tried first so traffic might be an indication that other servers are unreachable or failing. However, it is a common ploy for spammers to try to send to the low priority target first on the chance that the spam filtering isn't as good as on the primary server(s).