I had a similar experience, but it wasn't actually a mail bomb; it was a
spam attempt. If a spammer thinks that your domain may be a free email
service, they will attempt delivery with an apparently random list of users,
which I believe is extracted from other free email services.
You could try tarpitting, but that only works with multiple RCPT TO
invocations. Even limiting the number of concurrent connections won't
necessarily help, since a lot of mail can be delivered in a fairly short
amount of time with only 10 incoming connections. And you could also
facilitate a self-made DoS attack if the remote SMTP client is persistent.
-K
> From: "Renato" <[EMAIL PROTECTED]>
> Date: 3 Apr 2001 22:47:27 -0000
> To: [EMAIL PROTECTED]
> Subject: Qmail attack
>
>
> Hi all,
>
> I was the victim of an attack today. Somebody connected to my SMTP server and
> sent multiple messages to the same address. The headers look like:
>
> From: "User" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
>
> Well, naturally somebody can connect to port 25 and send this mail with
> these headers. But the attacker used a script and sent the same message
> thousands of times!!! My queue grew to more than 10.000 messages in
> minutes!!
>
> What can I do to avoid this type of attack?
>
> Thanks
> Renato - Brazil.
>
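
An added example, not part of the original thread: a small model of the point made in the reply, that a per-recipient tarpit only slows sessions carrying many RCPT TO commands, while 10 concurrent connections sending one recipient per message still fill the queue in minutes. The tarpit threshold and delay, the 0.5 second session time and all names are assumptions chosen for illustration, not qmail settings.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Tarpit:
    count: int    # RCPT TO commands answered at full speed in one session (assumed)
    delay: float  # seconds added to every RCPT TO after that (assumed)

    def penalty(self, rcpts: int) -> float:
        """Extra seconds a session with `rcpts` recipients is held up."""
        return max(0, rcpts - self.count) * self.delay


def accepted_within(sessions, connections, tarpit, base, window):
    """Count recipients accepted into the queue within `window` seconds.

    sessions:    RCPT TO count per SMTP session (one message per session)
    connections: concurrent incoming connections the server allows
    base:        seconds a session takes with no tarpit delay (assumed constant)
    """
    free_at = [0.0] * connections          # time at which each slot is free again
    heapq.heapify(free_at)
    accepted = 0
    for rcpts in sessions:
        start = heapq.heappop(free_at)     # a persistent client takes the first free slot
        end = start + base + tarpit.penalty(rcpts)
        heapq.heappush(free_at, end)
        if end <= window:
            accepted += rcpts
    return accepted


# Constructed sample traffic: the same 10,000 recipients, shaped two ways.
TARPIT = Tarpit(count=10, delay=5.0)
BOMB = [1] * 10_000        # one RCPT TO per session, as in the reported attack
SPAM_RUN = [100] * 100     # 100 RCPT TO per session, the case tarpitting targets


def compare(window=600.0, connections=10, base=0.5):
    """Recipients queued in `window` seconds for each traffic shape."""
    return {
        "bomb": accepted_within(BOMB, connections, TARPIT, base, window),
        "spam_run": accepted_within(SPAM_RUN, connections, TARPIT, base, window),
    }


if __name__ == "__main__":
    print(compare())
```

In this model the single-recipient flood is never delayed by the tarpit, so only the connection limit and per-session time bound how fast the queue grows.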