Ryan Thompson wrote: > Hi all, > > One of my email domains has recently been the (repeat) victim of a fairly > large-scale joe job. I am seeing thousands of back-scatter bounces for > addresses like [EMAIL PROTECTED], [EMAIL PROTECTED], etc. However, when this > attacker sends out one of their batches, it is enough to run my lightly > loaded 1GB server out of swap within 3-4 minutes. (At which point I need > remote hands to do a hard boot, because ssh, login, etc. have been killed by > the kernel). > > So, there are three problems: > > 1. Root problem -- the joe job -- Not much to be done about this. > > 2. Exim accepting bounces for nonexistent addresses--at the very least would > like to drop or auto-respond to anything for [EMAIL PROTECTED] >
Can you implement recipient verification? No sense in accepting mail you can't route. I'll probably get crap for this, but I have anti-joe job acls in place that temp rejects mail from hosts that send to too many invalid recipients in 30 minutes. I'm relying on legitimate senders not being backscatter sources, I know, but temp rejecting and list cleaning via a cron job has made this really effective for us. It absolutely requires recipient verification. --DJCP -- -**---****-----******-------********---------********** Daniel Collis-Puro Software Engineer End Point Corp. [EMAIL PROTECTED] (office) 781-477-0885 **********---------********-------******-----****---**- -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
