[Sqlgrey-users] Duplicate connect records

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Lionel,=20

I would like to thank you first for the sqlgrey development. It has been =
a huge asset to Amherst College.=20

We have encountered an issue today with some emails coming from so far 2 =
specific IP addresses that are being continuously being greylisted.

A quick view of the connect table reveals duplicate connect records.=20

mysql> SELECT * FROM connect WHERE src =3D '205.231.86';=20
+-------------+-------------------------+------------+-------------------=
-----+---------------------+=20
| sender_name | sender_domain           | src        | rcpt              =
     | first_seen          |=20
+-------------+-------------------------+------------+-------------------=
-----+---------------------+=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 06:16:01 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 04:02:40 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 12:06:00 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-12 17:12:41 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-12 17:12:41 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-12 16:51:13 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-12 16:51:13 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 05:26:01 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 02:56:22 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 13:12:41 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-12 21:06:00 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 08:46:00 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 10:59:21 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-13 10:59:21 |=20
| nobody      | designjet-online.hp.com | 205.231.86 | =
mkf...@am... | 2005-09-12 19:59:21 |=20

I have put 205.231.86.62 into whitelist.local - mail is going through =
from that IP. I have enabled SQL queries in mysql and can see that =
SELECT statements that check if there was a connection within the =
previous 5 minutes. Then within the last 24 hours and before 5 minutes =
ago. Upon that it inserts a connect record. I have debugged those =
statements and found that they produce records.

What are your recommendations? Have you seen this before?=20

Should I trash the connect table?=20

Steffen=20

________________________________=20

Steffen Plotner=20
Systems Administrator/Programmer=20
Systems & Networking=20

Amherst College=20
PO BOX 5000=20
Amherst, MA 01002-5000=20
Tel (413) 542-2348=20
Fax (413) 542-2626=20
Email: swp...@am...=20
________________________________=20