Re: [Exim] spam

Author: Dave C.
Date:  
To: barry
CC: exim-users
Subject: Re: [Exim] spam
No technical solutions. My only suggestions involve lawyers and/or
firearms. I would recommend saving at least a good sampling of these
messages; if you are lucky you can identify the perpetrator and collect
enough in damages to buy a new mailserver or two.

On Fri, 30 Nov 2001, barry wrote:

> *sigh* this is most of a statement, but if someone can figure out a way to
> help with the situation, it'd be great
>
> tuesday night (well, wednesday morning, close to 2am GMT) I notice a LOT of
> smtp connections coming in, exim was running from inetd, so they just kept
> coming, as the system load was nearing 70, I managed to remove the inetd
> entry, restart it, and kill all the exim processes, trying to work out what
> was going on. I then ran exim as a daemon and played with the options to
> severely limit the incoming emails, but my system load was still going pretty
> high. By now though, I was able to work out what was going on, some fun little
> spammers had decided to use some open relays to send a few million messages
> all claiming to be from various, and nonexistent @bazza.com addresses, so
> all the addresses that the spams weren't reaching, were bouncing back, and
> hitting my box (fun). I managed some investigation and got a catchall rule as
> follows
>
> catchall:
> driver = smartuser
> new_address = test
> end
>
>
> where test is aliased to /dev/null, causing a bypass
>
> this has kept my system running fine now, exim takes the mail from the other
> side and discards them, and has done so with over 350,000 messages in around
> 48 hours, with my load average being 0.46, however all those emails are still
> coming in, taking up bandwidth and resources that could be used for more
> worthwhile things, and lots of people are still getting these spams, possibly
> not going to know that they're not even originating anywhere close to
> bazza.com, and going to complain, maybe even to places that might try to block
> me, not fun
>
> oh well, mostly a statement, may let some people know what they can do to stop
> their machine falling over in the same situation, and I doubt anyone has any
> further ideas about what I can do
>
>
>


--
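
To size a bounce flood like the one described in the quoted message and keep a record of it, the null-sender arrivals can be tallied from the mail log. This is an added example, not part of the original thread: it assumes Exim main-log arrival lines of the shape shown, and the sample lines, host names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of Exim main-log records.
# "<=" marks a received message; "<>" is the null envelope sender used by bounces.
SAMPLE_LOG = """\
2001-11-28 01:58:02 169AAA-0000Aa-00 <= <> H=mx1.example.net [192.0.2.10] P=esmtp S=3021
2001-11-28 01:58:03 169AAB-0000Ab-00 <= <> H=mx1.example.net [192.0.2.10] P=esmtp S=2988
2001-11-28 01:59:40 169AAC-0000Ac-00 <= alice@example.org H=mail.example.org [198.51.100.7] P=smtp S=1204
2001-11-28 02:00:11 169AAD-0000Ad-00 <= <> H=relay.example.com [203.0.113.5] P=smtp S=4100
2001-11-28 02:00:12 169AAD-0000Ad-00 Completed
2001-11-28 02:03:55 169AAF-0000Af-00 <= <> H=mx1.example.net [192.0.2.10] P=esmtp S=3050
"""

# Assumed arrival-line layout: date, time, message id, "<=", sender,
# then H=<host> [<ip>] and S=<size in bytes> somewhere after it.
ARRIVAL = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ <= "
    r"(?P<sender>\S+) .*?H=.*?\[(?P<ip>[^\]]+)\].*?\bS=(?P<size>\d+)"
)

def summarize_bounces(log_text):
    """Count null-sender arrivals per sending IP and per hour, plus total bytes."""
    per_ip, per_hour, total_bytes = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m or m["sender"] != "<>":
            continue  # not an arrival, or ordinary mail with a real sender
        per_ip[m["ip"]] += 1
        per_hour[f'{m["date"]} {m["hour"]}:00'] += 1
        total_bytes += int(m["size"])
    return per_ip, per_hour, total_bytes

if __name__ == "__main__":
    per_ip, per_hour, total_bytes = summarize_bounces(SAMPLE_LOG)
    print(f"bounce arrivals: {sum(per_ip.values())}, bytes accepted: {total_bytes}")
    for hour, n in sorted(per_hour.items()):
        print(f"  {hour}  {n}")
    for ip, n in per_ip.most_common(10):
        print(f"  {ip:<15} {n}")
```

The hosts listed are the ones returning bounces, which are mail servers that received the forged messages, not necessarily their origin.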