Stathakopoulos Giorgos <[EMAIL PROTECTED]> wrote:
>
> Yesterday, I came across a strange situation:
> I was receiving thousands of bounces to
> <a lot of different usernames>@<mydomain>.

You got joe-jobbed by a spammer. It's not that strange; happens all the
time. Because some MXes started insisting on valid envelope sender
addresses, the spammers started forging envelope sender addresses using
valid domains. Then they started using the alphabet-soup local-parts
because some "anti-spam" heuristics didn't like hundreds of messages
from the same sender. So now it's a nuisance for everyone.

> Since <mydomain> is in my rcpthosts/locals file, I was accepting these
> messages. But <a lot of different usernames> didn't exist so these
> messages were going to postmaster.
> My mailserver had a lot of traffic, its logfiles were very large and the
> mailbox of postmaster became unreadable.
>
> Is there any way to prevent my mail servers from these types of attack?

No -- SMTP isn't designed to prevent this. As a temporary measure, you
can discard double bounces and file bounces to /dev/null until the storm
abates.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
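
Added example, not part of the original message and not qmail configuration: a Python sketch of the triage described above, where a bounce (null envelope sender) addressed to a local-part that never existed is discarded instead of landing in the postmaster mailbox. The domain, the user list and the sample envelopes are constructed assumptions.

```python
from collections import Counter

LOCAL_DOMAIN = "example.org"             # assumption: stands in for <mydomain>
VALID_USERS = {"postmaster", "giorgos"}  # assumption: the real local mailboxes


def is_bounce(mail_from: str) -> bool:
    """Bounces carry the null reverse-path '<>' as envelope sender."""
    return mail_from.strip() in ("", "<>")


def triage(mail_from: str, rcpt_to: str) -> str:
    """Decide what to do with one inbound envelope during the storm."""
    local, _, domain = rcpt_to.strip().strip("<>").rpartition("@")
    if domain.lower() != LOCAL_DOMAIN:
        return "not-local"
    # Simplification: local-parts are compared case-insensitively.
    known = local.lower() in VALID_USERS
    if is_bounce(mail_from):
        # A bounce for a mailbox that never existed cannot be a reply to
        # mail we really sent, so it is backscatter from a forged sender.
        return "deliver" if known else "discard"
    # Ordinary mail to an unknown user keeps going to postmaster, as before.
    return "deliver" if known else "postmaster"


def summarize(envelopes):
    """Count outcomes and collect the forged local-parts being bounced to."""
    outcomes = Counter(triage(f, r) for f, r in envelopes)
    forged = {r.strip("<>").rpartition("@")[0].lower()
              for f, r in envelopes if triage(f, r) == "discard"}
    return outcomes, forged


# Constructed sample envelopes: (MAIL FROM, RCPT TO)
SAMPLE = [
    ("<>", "<xkqjz@example.org>"),                     # backscatter
    ("<>", "<bwtfa@example.org>"),                     # backscatter
    ("<>", "<giorgos@example.org>"),                   # bounce to a real user
    ("<alice@example.net>", "<giorgos@example.org>"),  # normal mail
    ("<bob@example.net>", "<nosuchuser@example.org>"), # typo'd recipient
    ("<>", "<xkqjz@EXAMPLE.ORG>"),                     # backscatter, odd case
]

if __name__ == "__main__":
    counts, forged = summarize(SAMPLE)
    print(dict(counts), sorted(forged))
```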