Hello. Sorry for this off-topic post. I am posting it because most people on the list are mail server administrators. Also, it is slightly related to spamdyke, so I feel confident some of you can be of help.

On March 24, two of our mail servers (physically separated, in different countries and networks) started to receive a large number of SMTP connections. A quick check revealed that all the incoming connections had a single account as recipient on each server. As we are using spamdyke on both servers, I quickly added that email address to the recipient-blacklist file and all connections were rejected (DENIED_BLACKLISTED and others). This decreased the load on the servers (as emails were not being processed) and restored them to a functional state. But the connections were still there.

I have seen this kind of spambot attack before, and, as all of those stopped sooner or later, I was hoping it would stop in the following hours. The main issue is that the attack never stopped. We have been receiving around 950,000 connections to that account per day for the last 30 days. The stats for the last four days are:

May 06 943.600 connections.
May 05 993.454 connections.
May 04 840.815 connections.
May 03 1.022.314 connections.

Different IP addresses: 75238
Different class C subnets: 50074
Different class B subnets: 8936

I have selected random addresses to check, and the IPs are from different countries (most of them from Asia, but many from Europe). This makes it impossible for me to contact each network owner to alert them about the situation.

So right now, we are relying only on spamdyke to control the situation. It is doing its work great, but I am very concerned by the fact that the connections never decrease or stop.

My question is: has anyone experienced this issue before? Any advice on how to deal with it?

Regards
Pablo

_______________________________________________
spamdyke-users mailing list
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
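Added example, not part of the original post: one way to produce the per-day and distinct IP / class C / class B figures quoted above from rejection log lines. The log layout (`to:` and `origin_ip:` fields), the recipient address and the sample lines are constructed assumptions; adjust `LINE_RE` to your own log format.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines in an assumed spamdyke-style syslog layout.
SAMPLE_LOG = """\
May 05 10:00:01 mx1 spamdyke[4101]: DENIED_BLACKLISTED from: a@example.net to: target@example.org origin_ip: 10.1.1.5 origin_rdns: (unknown)
May 05 10:00:02 mx1 spamdyke[4102]: DENIED_BLACKLISTED from: b@example.net to: target@example.org origin_ip: 10.1.1.9 origin_rdns: (unknown)
May 06 09:12:40 mx1 spamdyke[5220]: DENIED_BLACKLISTED from: c@example.net to: target@example.org origin_ip: 10.1.2.3 origin_rdns: (unknown)
May 06 09:12:41 mx1 spamdyke[5221]: DENIED_BLACKLISTED from: d@example.net to: target@example.org origin_ip: 10.2.0.1 origin_rdns: (unknown)
May 06 09:12:42 mx1 spamdyke[5222]: ALLOWED from: e@example.net to: other@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown)
May 06 09:12:43 mx1 spamdyke[5223]: DENIED_BLACKLISTED from: f@example.net to: target@example.org origin_ip: 10.1.1.5 origin_rdns: (unknown)
"""

# Assumed field order: verdict, from:, to:, origin_ip:
LINE_RE = re.compile(
    r"^(?P<day>\w{3} \d{2}) .*spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) "
    r".*? to: (?P<rcpt>\S+) origin_ip: (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def summarize(log_text, recipient):
    """Count rejected connections for one recipient, per day and per source."""
    per_day = Counter()
    ips, nets24, nets16 = set(), set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["rcpt"].lower() != recipient.lower():
            continue
        if not m["verdict"].startswith("DENIED_"):
            continue
        try:
            # strict=False masks the host bits, giving the enclosing subnet.
            net24 = ip_network(m["ip"] + "/24", strict=False)
            net16 = ip_network(m["ip"] + "/16", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        per_day[m["day"]] += 1
        ips.add(m["ip"])
        nets24.add(net24)
        nets16.add(net16)
    return {"per_day": dict(per_day), "ips": len(ips),
            "class_c": len(nets24), "class_b": len(nets16)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "target@example.org"))
```

A ratio of distinct /24 networks to distinct addresses close to 1, as in the figures above, indicates sources spread too widely for subnet-level blocking to cover them.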
