I'm thinking of setting up all the nobody aliases to redirect E-mail to an account which deletes the message with an IMail rule. This way, a dictionary attack will find that all the E-mail gets accepted and hopefully stops attacking, while at the same time I'm not sending this E-mail to someone's real account.
Is anyone getting dictionary attacked for long periods of time on a domain with a nobody alias or something that is gatewayed?
Thanks,
Matt
Fritz Squib wrote:
Hey guys, this sounds like same problem that I have been experiencing, however it has been a bunch of spam with c.c. 's to non-existant mail addresses on my server (dictionary attack style) ..My DNS is working fine.
I spent the weekend returning mail from the old spool to a new spool that I had to create.
I had around 67,000 of these buggers to deal with...no fun.
All of the mail seems to be originating from dsl and cable modems with forged return addresses.
My server is swamped again today - started again about 2-3 hours ago.
Fritz
Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net
() ascii ribbon campaign - against html mail /\ - against microsoft attachments
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
