OT: Email Spam a bit of Hell

This WebDNA talk-list message is from 2004.


I figured if nothing else you guys might relate to this. At best you might have some ideas that I haven't tried.

This weekend I noticed some unusual activity on the server. Essentially my EIMS server (email) was going crazy. Now I take great care in keeping all open relays locked down, so even though at first it looked like a relay attack, it turned out to be something completely different. SMTP connections from email servers all over the world were constantly slamming the machine. At first I started looking at the IPs, but they offered no common pattern. Since I keep the number of SMTP connections limited, the mail server was becoming essentially useless since the SMTP connection limit was constantly maxed.

Sooooo, doing some checks to see what the hell was going on, I checked the error logs and discovered that each SMTP connection was trying to send email to a nonexistent account at one of my domains (one of my primary domains, to make matters worse). They would get an SMTP connection and then sit there until the server returned a 550 error (invalid address), only to be instantly replaced by the next random SMTP connection. So in an effort to see WTF, I enabled the mail account and forwarded it to me briefly. Immediately my account was flooded with "FAILED to DELIVER" messages for some spam message. Some of the better returns showed originating IPs overseas. But remember, these messages had nothing to do with us or our server but rather simply had a wrong reply-to address (an invalid account on my primary domain). Shoot me.

I tried opening the account up thinking I would just field the bounce-backs... But after thousands it was clear this was not your average spam mailing and I might be dealing with hundreds of thousands or more! And of course the whole time these bounce-backs are maxing out the server's ability to receive email. So what's a poor bastard to do?

Basically the only thing I could come up with was to first reprogram any of the forms across various sites that used the domain name for form mail. That cleaned up all but one email account (the one on all our letterhead and business cards :-( ) and then change the DNS records to point the MX record to another machine. Currently that machine does NOT have an email server on it, so the connections aren't going anywhere. Not sure I should even bother to try and set it up... Sometime around 3 am or so I started seeing the first noticeable difference in email responsiveness as the DNS pointed the thousands of mail servers off to an uncaring IP. Just hell. It's amazing how someone else's BS action can all but crush a network.

Anyway, I guess this isn't a cry for help as much as it is one for pity ..lol. If anyone has another idea I would love to hear it because I racked my brain trying to dig out from under this. I figure I will let the DNS sit for 2-3 days before I hold my breath and point it back. My Monday started last night at 6pm... I am tired ;-) !!!!

Alex

Alex J McCombie
New World Media
Chief Information Officer
Box 124
888/892.6379
MartVille, NY 13111
Alex@NewWorldMedia.com
http://OurClients.com
Interface Designer
WebDNA Programmer
Database Designer

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

1. Re: OT: Email Spam a bit of Hell (Clint Davis 2004)
2. OT: Email Spam a bit of Hell (Alex McCombie 2004)
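What the post describes is a backscatter flood: spam sent elsewhere with a forged envelope sender in the author's domain, and every receiving MTA that accepted that spam then bouncing it to the forged address. The following is an added example, not from the original message and not EIMS code, showing how the pattern the author read out of his error logs by hand can be picked out automatically: one nonexistent recipient rejected with 550 for bounce messages (null envelope sender, or a MAILER-DAEMON/postmaster sender) arriving from many unrelated client IPs. The log line layout, the threshold and the sample lines are all constructed for the example; EIMS's real log format is not assumed.

```python
"""Detect a backscatter flood in SMTP rejection logs.

Added example, not from the original post. The log format is a constructed,
generic one (timestamp, client IP, envelope sender, envelope recipient,
SMTP reply code); no real mail server's log layout is assumed.
"""
import re
from collections import defaultdict

# Constructed sample lines. Many distinct client IPs deliver bounces (null
# envelope sender, or a mailer-daemon sender) to one nonexistent local
# mailbox and are rejected with 550. Two ordinary deliveries from a single
# client and one non-bounce rejection are mixed in for contrast.
SAMPLE_LOG = """\
2004-03-15 02:11:03 client=203.0.113.7 from=<> to=<xyz123@example.com> code=550
2004-03-15 02:11:04 client=198.51.100.22 from=<> to=<xyz123@example.com> code=550
2004-03-15 02:11:04 client=192.0.2.90 from=<mailer-daemon@mx.example.net> to=<xyz123@example.com> code=550
2004-03-15 02:11:05 client=203.0.113.8 from=<> to=<xyz123@example.com> code=550
2004-03-15 02:11:06 client=198.51.100.23 from=<> to=<xyz123@example.com> code=550
2004-03-15 02:11:07 client=203.0.113.50 from=<alice@example.org> to=<alex@example.com> code=250
2004-03-15 02:11:08 client=203.0.113.50 from=<alice@example.org> to=<bob@example.com> code=550
2004-03-15 02:11:09 client=203.0.113.99 from=<spammer@example.org> to=<xyz123@example.com> code=550
2004-03-15 02:11:10 client=192.0.2.91 from=<> to=<xyz123@example.com> code=550
"""

LINE_RE = re.compile(
    r"client=(?P<ip>\S+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)> code=(?P<code>\d{3})"
)


def parse_line(line):
    """Return the fields of one log line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "sender": m["sender"],
        "rcpt": m["rcpt"].lower(),
        "code": int(m["code"]),
    }


def is_bounce_sender(sender):
    """True for the envelope senders a delivery status notification uses."""
    s = sender.lower()
    return s == "" or s.startswith("mailer-daemon@") or s.startswith("postmaster@")


def find_backscatter_targets(log_text, min_sources=3):
    """Return recipients that look like backscatter targets.

    Heuristic: the recipient is rejected (5xx) for bounce messages arriving
    from at least `min_sources` distinct client IPs. Ordinary inbound spam or
    a relay probe does not normally arrive as bounces from many unrelated
    legitimate MTAs, so both conditions are required.
    """
    sources = defaultdict(set)       # recipient -> client IPs that sent bounces
    bounce_rejects = defaultdict(int)
    total_rejects = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["code"] < 500:
            continue
        total_rejects[rec["rcpt"]] += 1
        if is_bounce_sender(rec["sender"]):
            bounce_rejects[rec["rcpt"]] += 1
            sources[rec["rcpt"]].add(rec["ip"])
    result = {}
    for rcpt, ips in sources.items():
        if len(ips) >= min_sources:
            result[rcpt] = {
                "distinct_sources": len(ips),
                "bounce_rejects": bounce_rejects[rcpt],
                "total_rejects": total_rejects[rcpt],
            }
    return result


if __name__ == "__main__":
    for rcpt, stats in find_backscatter_targets(SAMPLE_LOG).items():
        print(f"{rcpt}: {stats}")
```

On the sample input only xyz123@example.com is reported: six bounce rejections from six distinct sources out of seven rejections in total, while bob@example.com is rejected once, from a normal sender, and is ignored. As a caveat on the mitigation in the post, pointing the MX at a host with no listener makes the remote MTAs queue and retry the bounces rather than drop them, and it also stops legitimate mail for the domain for as long as it is in place; the lasting fix is on the receiving side, where MTAs reject unknown recipients during the SMTP transaction instead of accepting and bouncing later, and where sender checks such as SPF let them refuse the forged mail in the first place.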
