[buug] Spam DOS -- ideas?

Brian Sobolak brian at planetshwoop.com
Wed Sep 17 07:11:09 PDT 2003


Hey guys -

This is an email from my sysadmin and is also affecting mail at my domain.

Any ideas?

brian

---------------------------- Original Message ----------------------------
Subject: [UFO Chicago] Spam DOS -- ideas?
From:    "David W. Harks" <dave at psys.org>
Date:    Wed, September 17, 2003 7:22 am
To:      ufo at tastytronic.net
--------------------------------------------------------------------------

Greetings, UFOers,

I'm faced with a problem:

One of the domains I host is getting flooded with spam. Literally
thousands of simultaneous connections from thousands of servers worldwide
are beating on my exim system.

To temporarily solve this, I've modified my MX to point to a server that
can be dedicated to the purpose of handling this flood. Also, I've
configured exim with jealous connection limits and to use SMTP VRFY,
along with several DNSBLs.

But this isn't stopping the thousands of connections which end up acting
as an effective email DOS. The servers sending the mail are actually
(mostly) legitimate, and when checked via ORDB and SpamCop, come back
clean, but they're attempting to send to thousands of nonexistent
addresses @mydomain. Of course, VRFY doesn't allow this, but the flood
continues.

Any thoughts on how to fight back against this sort of thing? Would it be
better to NOT use VRFY, and just let thousands of bounces go out? I'm
pretty sure the senders are spoofing their addresses, so I think that
would get lots of bounces to the wrong folks. (although, perhaps THOSE
folks might have better luck contacting their various ISPs...)
Firewalling off the addresses isn't practical, since these are generally
'legitimate' servers (and, the list of rules gets long -- over 11,000
unique addresses so far).

Any suggestions, experience, or ideas are welcome.

Thanks!

dave

-- 
David W. Harks <dave at psys.org>  http://dwblog.psys.org

_______________________________________________
UFO Chicago -- Users of Free Operating Systems
Free Software Rules -- Proprietary Drools!
http://ufo.chicago.il.us/cgi-bin/mailman/listinfo/ufo




--
Brian Sobolak
http://www.planetshwoop.com/


