*sigh* this is most of a statement, but if someone can figure out a way to
help with the situation, it'd be great
tuesday night (well, wednesday morning, close to 2am GMT) I notice a LOT of
smtp connections coming in, exim was running from inetd, so they just kept
coming, as the system load was nearing 70, I managed to remove the inetd
entry, restart it, and kill all the exim processes, trying to work out what
was going on. I then ran exim as a daemon and played with the options to
severely limit the incoming emails, but my system load was still going pretty
high. By now though, I was able to work out what was going on, some fun little
spammers had decided to use some open relays to send a few million messages
all claiming to be from various, and non existant @bazza.com addresses, so
all the addresses that the spams weren't reaching, were bouncing back, and
hitting my box (fun). I managed some investigation and got a catchall rule as
follows
catchall:
driver = smartuser
new_address = test
end
where test is aliased to /dev/null, causing a bypass
this has kept my system running fine now, exim takes the mail from the other
side and discards them, and has done so with over 350,000 messages in around
48 hours, with my load avarage being 0.46, however all those emails are still
coming in, taking up bandwidth and resources that could be used for more
worthwhile things, and lots of people are still getting these spams, possibly
not going to know that they're not even originating anywhere close to
bazza.com, and going to complain, maybe even to places that might try to block
me, not fun
oh well, mostly a statement, may let some people know what they can do to stop
their machine falling over in the same situation, and I doubt anyone has any
further ideas about what I can do
--
-Barry Hughes
"Problem solving under linux has never been the circus that it is under AIX."
(By Pete Ehlke in comp.unix.aix)
http://bazza.com/