Am Dienstag Februar 7 2012 22:20 schrieb Richard Laager: > We've got a customer who is receiving 1 message per second! that > consists solely of random English words stuck together (both subject and > body). This has been happening for 24-36 hours. > > As far as I can see, it's coming from hijacked accounts all over the > place (hundreds or thousands of servers) with varying sender addresses. > > Is anyone else seeing this sort of thing? > > Any idea how I might combat this? > > I'd love to bulk submit these messages and report them back to the > admins of the compromised servers, if that might do some good.
Do you use greylisting? (for example milter-greylist http://hcpnet.free.fr/milter-greylist/ ) Do the mails indeed come from real mailservers or do they come from compromised dial-in computers? If coming from real mailservers, greylisting would not really help in most cases, but worth a try... Depending on your mailserver you could increase throttling, though this would affect legitimate mail also... Feeding the mails to spamassassin's bayes database could perhaps help, in spite of the random words. But you should keep an eye on it for the risk of false positives. Everything in the headers is different? Nothing common in them? Reporting is never bad, but it depends on the admins whether it will help... had quite different experience with this over the years. Wondering what other ideas will come up :-) Regards Juergen -- Diese E-Mail wurde klimafreundlich und atomstromfrei erzeugt: http://www.atomausstieg-selber-machen.de/ _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
