Author: Eric Kuzniar Date: CC: exim users Subject: Re: [exim] DOS attack. What to do?
>
>You are probably being hit from a zombie farm that uses *many* IP, but
>relatively fewer forged hostnames and HELO. Sometimes a local BL is handy.
>
>Odds are these will be failing rNDS / forward/reverse lookup, forging HELO,
>sending to recipients that do not exist, trying to pipeline when you do not
>offer it, and other rude behaviour.
>
>
Another common scenario is that these are all bounces and/or
callouts as a result of his domains being joe jobbed.
