Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Góra strony
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
Dla: exim users
Temat: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
Andrew - Supernews wrote:

>>>>>>"W" == W B Hacker <wbh@???> writes:
>
>
> >> That 99.99% peak figure was reached here during a period of a few
> >> hours during which we received more than _10 million_ connection
> >> attempts caused by blowback of all forms, at a domain used only by
> >> a handful of staff which normally gets a few thousand per day.
>
> W> Am I misreading something, or did you just indicate that a
> W> (hopefully rare!) defect in one of your *own* hosting servers
> W> cause *your own* MX the grief?
>
> Where on earth did you get that idea?


From the paragraph above - w/r 'broken forms...' et al.

>
> The scenario is this:
>
> 1) Some spammer (not anywhere near our network) sends out hundreds of
> millions of spams using random forged addresses at our domain as the
> envelope sender.


OK. Story changes (again?)

C'mon! I may have been born at *night*, but it wasn't *last* night.

*snip*

> Result: we end up receiving 300+ SMTP connections per sec, from
> millions of different IPs all of which are actually mailservers.
> Blocking by IP is no help (something like 50% of the traffic last time
> was from IPs that made only _one_ connection during the extent of the
> attack). There is nothing else to block on since the connections are
> not otherwise distinguishable from real traffic.
>


300+ /sec, yet 50% of the traffic was on ONE connection?

Dunno if it is your arithmetic, veracity, or understanding of how to configure
an MTA that is lacking - perhaps all of the above.

But I cannot help.

Gone....

Bill