>>>>> "W" == W B Hacker <wbh@???> writes:
[text including the phrase "blowback of all forms"]
W> Am I misreading something, or did you just indicate that a
W> (hopefully rare!) defect in one of your *own* hosting servers
W> cause *your own* MX the grief?
>> Where on earth did you get that idea?
W> From the paragraph above - w/r 'broken forms...' et al.
Is English not your first language? I admit I make few concessions in
my writing to those with poor English skills, but in the above the
word "forms" is used in the general sense, in which it is synonymous
with "types", "kinds", "varieties" etc., rather than in any limited
technical sense.
>> The scenario is this:
>>
>> 1) Some spammer (not anywhere near our network) sends out hundreds
>> of millions of spams using random forged addresses at our domain
>> as the envelope sender.
W> OK. Story changes (again?)
W> C'mon! I may have been born at *night*, but it wasn't *last* night.
um, what?
The story stays the same, I'm just explaining it in smaller words (but
obviously not small enough) and more detail.
W> *snip*
>> Result: we end up receiving 300+ SMTP connections per sec, from
>> millions of different IPs all of which are actually mailservers.
>> Blocking by IP is no help (something like 50% of the traffic last
>> time was from IPs that made only _one_ connection during the
>> extent of the attack). There is nothing else to block on since the
>> connections are not otherwise distinguishable from real traffic.
W> 300+ /sec, yet 50% of the traffic was on ONE connection?
No, 50% of the connections were from IPs that connected only once each.
W> Dunno if it is your arithmetic, veracity, or understanding of how
W> to configure an MTA that is lacking - perhaps all of the above.
Perhaps you should brush up on your language skills?
--
Andrew, Supernews
http://www.supernews.com