Hi Kym:
What I always do in situations like this is to immediately place an ACL deny
filter on my switch or router against the IP address of the offenders - or IP
address block if it is a dialup. That way they can't get as far as your
network, and use your resources in rejecting the garbage.
Adrian.
>
> I just got back in to find a totally overloaded mail server, we are being
> attacked by a SPAM house and a bunch of script kiddies at the same time by
> the look of things.
>
> It has shown up something that also occurred last week when we did our
> first bulk email test, that is the server seems to bog if it has a few
> thousand messages in the out folder :-(, currently there are 8,800 there
> and the server has almost stopped serving, POST-wise. Last week we had
> almost 20,000 in the out folder and the server did stop entirely.
>
> We got things going again by tweaking the queue and thread numbers and I am
> doing the same again now. When I work out what really is happening I will
> let you all know :-)
>
> Here is a sample of the SMPT log:
>
> 10/04/2000 08:41:33 [012] MAIL [61.139.117.129] <[EMAIL PROTECTED]>
> [EMAIL PROTECTED] 1316
> 10/04/2000 08:41:33 [012] MAIL [61.139.117.129] <[EMAIL PROTECTED]>
> [EMAIL PROTECTED] 1316
> 10/04/2000 08:41:33 [012] MAIL [61.139.117.129] <[EMAIL PROTECTED]>
> [EMAIL PROTECTED] 1316
> 10/04/2000 08:41:33 [012] MAIL [61.139.117.129] <[EMAIL PROTECTED]>
> [EMAIL PROTECTED] 1316
> 10/04/2000 08:41:33 [012] [61.139.117.129] Disconnected (1 total)
>
> each time it connects, tries about 50 time then disconnects.
>
> Simultaneously the old NTMail v3 server is being hit by the same
> [EMAIL PROTECTED] type destinations, which is definitely a script by the look
> of its incrementing. It relays thu' the iMS box but the iMS box is working
> hard rejecting all of that stuff.
>
>
> I'll try and work out what is making the POST server bog and then give some
> good feedback, I hope :-)
>
>
> --
>
> Yours,
>
> Kym
>
>
> ========================================================================
> This list server is Powered by iMS
> 'The Swiss Army Knife of Mail Servers'
> --------------------------------------
> To leave this list please complete the form at
> http://www.CoolFusion.com/iMS.htm
>
> List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
> ========================================================================
>
========================================================================
This list server is Powered by iMS
'The Swiss Army Knife of Mail Servers'
--------------------------------------
To leave this list please complete the form at
http://www.CoolFusion.com/iMS.htm
List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
========================================================================
