Good question, William.
It's either an "attack" or a big coincidence. Five weeks ago, we were hit by multiple worms/viruses (thanks to a momentary firewall config error) which devastated us. The spam problem became apparent as we put out the other fires. While most of the mess has been cleaned up, this mail server continues to logjam every couple of days. This never happened before. Coincidence? Maybe.
Of course, I'm so shell-shocked from the whole incident that EVERY anomoly is an "attack" anymore. Shoot first....
Of course, maybe the fixes created new problems. For a brief (and hectic) time, we had competing virus scanners on the mail server. It soon became apparent that the "live" scanner was quarantining mail while IMail/Declude/F-Prot was still processing it. Perhaps, by the time I had removed the second scanner, it had "broken" something in Imail? I've been deleting orphaned files, etc., for weeks. No change. I can't imagine what might be askew.
Dave
William Van Hefner wrote:
David,
What leads you to believe that this is a spam "attack", and not just your everyday spam? Are all of the spams coming from a specific IP range, or share any characteristics in common? If so, I would work on a filter that blocks mail based on that criteria. It seems odd that a spammer would just arbitrarily decide to pick on your server like that. I would start looking in the actual router logs for suspicious activity on your network.
William Van Hefner Network Administrator Vantek Communications, Inc.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Delbridge
Sent: Tuesday, March 08, 2005 10:22 AM
To: [email protected]
Subject: Re: [IMail Forum] Spam to Root/Postmaster
We already employ an anti-spam solution (Declude) but do not impose it on our clients. It is optional, for their convenience and to protect us from liability.
Then again, if our customers aren't checking the root accounts, I might as well setup Declude to filter those boxes. But then again, they'll eventually fill up anyways. Afterall, these are high-volume spam "ATTACKS." The root accounts are receiving thousands of messages per day.
Dave
mail-lists wrote:
Maybe get an anti spam solution?
Cavell McDermott Network Administrator Cottonwood Financial 972.753.0822 Office 214.403.4918 Cell http://www.thecashstore.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Delbridge
Sent: Monday, March 07, 2005 9:54 PM
To: [email protected]
Subject: [IMail Forum] Spam to Root/Postmaster
Hi all,
I host a few hundred e-mail domains and my default "root" and
"postmaster" accounts are suddenly being attacked by
spammers, to the
point that a recurring DoS situation occurs. [The root
mailboxes fill
up and the mail server then bogs down with "mailbox full"
GSE replies to
non-existent spam senders.]
Should I:
- Forward postmaster and root mail for all domains to my "master"
postmaster account? [That's gonna be a LOT of junk mail for me to personally wade through. We're talkin' tens of thousands
of messages
per day.]
- Delete the unused root and postmaster accounts? [Afterall, they're
all disabled by default. And this would allow our clients to setup their own postmaster forwarder to a working mail address,
should they
want to receive mail server alerts.]
- Rename the root and postmaster accounts?
- Other options?
Any advice is greatly appreciated.
Dave
--
David M. Delbridge Circa 3000 ColdFusion Hosting http://www.circa3k.com 866-CIRCA3K (247-2235) Outside U.S: +1.775-832-2445
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
--
David M. Delbridge Circa 3000 ColdFusion Hosting http://www.circa3k.com 866-CIRCA3K (247-2235) Outside U.S: +1.775-832-2445
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
