I had him remove the "nobody" alias, so at least there's no longer the load on the server of Declude trying to spam check and virus check every piece of spam these idiots were sending. However, at least once a day I still have some idiot spammer connecting and crippling my server for half an hour or so, attempting to send 20-30 messages a second.
The IP addresses are always spoofed, so I can't block it that way.
Actually, they are not spoofed (it's nearly impossible to send spam with spoofed IPs). You're not dealing with a standard run-of-the-mill idiot spammer; you're dealing with a professional spammer-for-hire (who is also an idiot). Those IPs are real -- they are the IPs of servers that he has compromised. That's how he can send 20-30 messages a second.
20030227 091017 127.0.0.1 SMTPD (003A0640) [217.82.173.37] RCPT TO: <[EMAIL PROTECTED]>
20030227 091017 127.0.0.1 SMTPD (000D0584) [217.82.59.117] RCPT TO: <[EMAIL PROTECTED]>
20030227 091017 127.0.0.1 SMTPD (01650418) [217.81.250.86] RCPT TO: <[EMAIL PROTECTED]>
Any ideas what I can do about this? Is there anything I can do?
There aren't many options in a case like this -- it is a classic DDoS attack. One is to block all the IPs using the IMail Control Access file. On the IMail Forum, some people have suggested using BlackIce Server, which can apparently block such attacks.
-Scott
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
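An added example, not part of the original message and not IMail or Declude code: a Python script that parses SMTPD log lines in the format quoted above, finds the seconds in which RCPT TO commands arrive in a burst, and tallies the source IPs active in those seconds as candidates to review before blocking. The first three sample lines are the ones quoted in the thread; the last two are constructed, and the function names and threshold values are assumptions.

```python
import re
from collections import Counter, defaultdict

# Lines 1-3 are quoted in the thread; lines 4-5 are constructed for this example.
SAMPLE_LOG = """\
20030227 091017 127.0.0.1 SMTPD (003A0640) [217.82.173.37] RCPT TO: <[EMAIL PROTECTED]>
20030227 091017 127.0.0.1 SMTPD (000D0584) [217.82.59.117] RCPT TO: <[EMAIL PROTECTED]>
20030227 091017 127.0.0.1 SMTPD (01650418) [217.81.250.86] RCPT TO: <[EMAIL PROTECTED]>
20030227 091018 127.0.0.1 SMTPD (003A0640) [217.82.173.37] RCPT TO: <[EMAIL PROTECTED]>
20030227 091018 127.0.0.1 SMTPD (0042011C) [192.0.2.10] RCPT TO: <[EMAIL PROTECTED]>
"""

# date, time, local address, service, session id, [remote IP], command
LINE_RE = re.compile(
    r"^(\d{8}) (\d{6}) \S+ SMTPD \(([0-9A-Fa-f]+)\) "
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\] RCPT TO:")

def parse_rcpt(log_text):
    """Yield (second, source_ip) for each RCPT TO line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1) + m.group(2), m.group(4)

def flood_report(log_text, per_second_threshold=20):
    """Find seconds whose RCPT TO count reaches the threshold (default taken
    from the 20-30 messages a second reported in the thread) and tally the
    source IPs seen in those seconds."""
    by_second = defaultdict(list)
    for second, ip in parse_rcpt(log_text):
        by_second[second].append(ip)
    bursts = {s: ips for s, ips in by_second.items()
              if len(ips) >= per_second_threshold}
    sources = Counter(ip for ips in bursts.values() for ip in ips)
    return {
        "burst_seconds": sorted(bursts),
        "peak_rate": max((len(v) for v in by_second.values()), default=0),
        "sources": sources.most_common(),
    }

if __name__ == "__main__":
    # Threshold lowered to 3 only because the embedded sample is tiny.
    report = flood_report(SAMPLE_LOG, per_second_threshold=3)
    print("burst seconds:", report["burst_seconds"])
    print("peak RCPT TO per second:", report["peak_rate"])
    for ip, hits in report["sources"]:
        print(f"{ip}\t{hits}")
```

Because the load comes from many hosts that each send only a little, the script measures the aggregate rate per second rather than a per-IP rate; the resulting list still needs review, since a legitimate sender can land in the same second as a burst.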
