OT: Email Spam a bit of Hell
This WebDNA talk-list message is from 2004
It keeps the original formatting.
Associated Messages, from the most recent to the oldest:
I figured if nothing else you guys might relate to this. At best you might have some ideas that I haven't tried.

This weekend I noticed some unusual activity on the server. Essentially my EIMS server (email) was going crazy. Now I take great care in keeping all open relays locked down, so even though at first it looked like a relay attack it turned out to be something completely different.

SMTP connections from email servers all over the world were constantly slamming the machine. At first I started looking at the IPs but they offered no common pattern. Since I keep the number of SMTP connections limited, the mail server was becoming essentially useless since the SMTP connection limit was constantly maxed.

Sooooo, doing some checking to see what the hell was going on, I checked the error logs and discovered that each SMTP connection was trying to send email to a non-existing account at one of my domains (one of my primary domains to make matters worse). They would get an SMTP connection and then sit there until the server returned a 550 error (not valid address), only to be instantly replaced by the next random SMTP.

So in an effort to see WTF, I enabled the mail account and forwarded it to me briefly. Immediately my account was flooded with "FAILED to DELIVER" messages for some spam message. Some of the better returns showed originating IPs overseas. But remember, these messages had nothing to do with us or our server but rather simply had a wrong reply to address (an invalid account on my primary domain).

Shoot me.

I tried opening the account up thinking I would just field the bounce backs... But after thousands it was clear this was not your average spam mailing and I might be dealing with hundreds of thousands or more! And of course the whole time these bounce backs are maxing out the server's ability to receive email.

So what's a poor bastard to do?

Basically the only thing I could come up with was to first reprogram any of the forms across various sites that used the domain name for form mail. That cleaned up all but one email account (the one on all our letterhead and business cards :-( and then change the DNS records to point the MX record to another machine. Currently that machine does NOT have an email server on it so the connections aren't going anywhere. Not sure I should even bother to try and set it up...

Sometime around 3 am or so I started seeing the first noticeable difference in email responsiveness as the DNS pointed the thousands of mail servers off to an uncaring IP.

Just hell. It's amazing how someone else's BS action can all but crush a network.

Anyway, I guess this isn't a cry for help as much as it is one for pity ..lol

If anyone has another idea I would love to hear it because I racked my brain trying to dig out from under this. I figure I will let the DNS sit for 2-3 days before I hold my breath and point it back.

My Monday started last night at 6pm...

I am tired ;-)!!!!

Alex

Alex J McCombie                 New World Media
Chief Information Officer       Box 124
888/892.6379                    MartVille, NY 13111
Alex@NewWorldMedia.com          http://OurClients.com
Interface Designer   WebDNA Programmer   Database Designer
Alex McCombie
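
An added example, not part of the original post: a log check that separates the pattern described above (many unrelated servers delivering bounces to one nonexistent local address) from an open-relay probe. The log line format, addresses and thresholds are constructed for illustration; EIMS's real log format is not shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "ip from=<sender> to=<rcpt> code" format.
SAMPLE_LOG = """\
203.0.113.5 from=<> to=<sales@example.org> 550
198.51.100.17 from=<> to=<sales@example.org> 550
192.0.2.44 from=<MAILER-DAEMON@mx.example.net> to=<sales@example.org> 550
203.0.113.90 from=<> to=<sales@example.org> 550
198.51.100.200 from=<bob@example.com> to=<alice@example.org> 250
192.0.2.8 from=<x@example.com> to=<victim@elsewhere.example> 550
"""

LINE = re.compile(r"^(\S+) from=<([^>]*)> to=<([^>]+)> (\d{3})$")

def is_bounce_sender(sender):
    # Delivery failure notices use the null reverse-path "<>" (RFC 5321);
    # some MTAs send them from mailer-daemon or postmaster instead.
    local = sender.split("@", 1)[0].lower()
    return sender == "" or local in ("mailer-daemon", "postmaster")

def find_backscatter(log_text, local_domains, min_hits=3, min_ips=3,
                     min_bounce_ratio=0.8):
    """Return rejected local recipients whose traffic looks like backscatter."""
    stats = defaultdict(lambda: {"hits": 0, "bounces": 0, "ips": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ip, sender, rcpt, code = m.groups()
        domain = rcpt.rsplit("@", 1)[-1].lower()
        # Count only 550 rejections for our own domains; a 550 for a
        # foreign domain is a refused relay attempt, a different problem.
        if code != "550" or domain not in local_domains:
            continue
        s = stats[rcpt.lower()]
        s["hits"] += 1
        s["bounces"] += is_bounce_sender(sender)
        s["ips"].add(ip)
    flagged = {}
    for rcpt, s in stats.items():
        ratio = s["bounces"] / s["hits"]
        if (s["hits"] >= min_hits and len(s["ips"]) >= min_ips
                and ratio >= min_bounce_ratio):
            flagged[rcpt] = {"hits": s["hits"], "ips": len(s["ips"]),
                             "bounce_ratio": ratio}
    return flagged

if __name__ == "__main__":
    print(find_backscatter(SAMPLE_LOG, {"example.org"}))
```

A flagged address with a bounce ratio near 1.0 and no pattern in the source IPs points to a forged sender address on someone else's spam run rather than a relay problem on the local server.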