Aaron Knauf wrote:
> Serge,
>
> The trouble is, it is a DDOS.  See my previous post.
Doh, missed the clever nuance from the last round of emails.

Well, first thing would be to call and email the admins at the evt1.net mail server and the owner of the network addresses, to threaten lawsuits (explain to them what's happening, and tell them to stop it or get sued). A server admin and network address owner are responsible for their box if it's been hacked and it's causing you harm. (We had an ISP mislabel a block of addresses as belonging to us this past summer, so we were getting lawsuit threats from all over the US because a 98 machine in that network was hacked and was being used to attack other networks.)

Next, report that IP address to the blacklists... there are 3 that are mentioned in the James log files. Some of the big providers use them, and that should hopefully stop them from generating bounce messages.

In the meantime, you can use/write a matcher that checks the body for "207.44.129.133", and then send those messages to the Null mailet. The idea is the open-relay mail server's IP address should be appearing in the bounce messages.

Finally, James (or any mail server) shouldn't be crashing from this traffic... the new version has a ton of work on the scalability front, so I might consider trying that out as well.

Serge Knystautas
Loki Technologies
http://www.lokitech.com/
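
The body check suggested in the message above, as an added example that is not part of the original post and is not James code: a standalone Python sketch of the matching logic (a James matcher would apply the same test in Java). The names `route` and `body_chunks` and the sample bounce are constructed for illustration; it also scans the attached original message and base64-encoded parts, which goes slightly beyond a plain substring test.

```python
import re
from email import message_from_bytes

RELAY_IP = "207.44.129.133"  # the open relay's address, taken from the post
# Whole dotted quad only: "207.44.129.13" or "1207.44.129.133" must not match.
IP_RE = re.compile(r"(?<![\d.])" + re.escape(RELAY_IP) + r"(?!\d|\.\d)")

# Constructed sample bounce (not real traffic): the relay address appears only
# in the Received header of the attached original message.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message could not be delivered.

--b1
Content-Type: message/rfc822

Received: from relay (unknown [207.44.129.133]) by mx.example.net
From: victim@example.org
Subject: spam

hello
--b1--
"""

def body_chunks(msg):
    """Yield every piece of text inside the body: decoded leaf parts plus the
    headers of nested parts (attached original, delivery-status blocks)."""
    for part in msg.walk():
        if part is not msg:  # top-level headers are not part of the body
            yield "\n".join(f"{k}: {v}" for k, v in part.items())
        if not part.is_multipart():
            raw = part.get_payload(decode=True) or b""
            try:
                yield raw.decode(part.get_content_charset() or "utf-8", "replace")
            except LookupError:  # unknown charset label in the bounce
                yield raw.decode("latin-1")

def route(raw_message: bytes) -> str:
    """Return "null" to discard (the post's Null mailet) or "deliver"."""
    msg = message_from_bytes(raw_message)
    return "null" if any(IP_RE.search(c) for c in body_chunks(msg)) else "deliver"
```

Messages that carry the address only in their own top-level headers are delivered, since the suggestion is to match on the body of the bounce.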

