Sorry for jumping in on that thread late ...
We were affected by this "storm" (mass relaying though CZ servers) as
they abuse two domains of customers of ours, for which we do backup MX.
When the inject started the primary MX gave up quickly and we'd got all
the bounces.
Fortunately - as far as we were involved - the SENDER address, where the
bounces should go to, could easily be masked out with the badrcptpatterns
file, putting
[lL][Mm][Tt][Dd][0-9]-[Bb][Aa][Nn][Kk]@*
[lL][Mm][Tt][Dd][0-9][0-9]-[Bb][Aa][Nn][Kk]@*
in this file (the pattern was LMTD-<num>-BANK@<domain>.
I know this is kinda unfriendly, as msn, yahoo, ... got double bounces
but that was the only way to keep our mailserver operational.
During thast whole thing I noticed another problem realted to Lotus
Notes mail servers *sigh* (we could not confirm whether this is a
configuration error or a bug).
As - of course - the address does not exist Lotus did something wierd.
What should have resulted in a double bounce at the Lotus site did not.
Instead the Lotus server saw a <> Envelope-Sender and decided to take
the address from the "From:" Line and tried to bounce back the bounce
to [EMAIL PROTECTED], [EMAIL PROTECTED], ... as we are outgoing
relay for that Lotus Server our mailserver was additionally hit by
the (double) bounces *argh*. As yahoo sends out bounces with a From:
[EMAIL PROTECTED] but that is a non existing account I then
got the resulting double bounce in my postmaster box *BIG ARGH*
I patched qmail-smtpd to make use of a "badbouncercpt" file. If the
message is a bounce and the user or user@domain is in the "badbouncercpt"
we do not accept the message.
Currently our "badbouncercpt" file contains
mailerdaemon
mailer-daemon
mail-daemon
[EMAIL PROTECTED]
[EMAIL PROTECTED]
After that modifications our mailserver still was at rather high load
but could stand it.
Life could be much more easier by cutting off the fingers of mailserver
"programmers" who don't have a clue and writing a virus that deletes
all incarnations and source code of their programs ...
\Maex
--
SpaceNet GmbH | http://www.Space.Net/ | Stress is when you wake
Research & Development | mailto:[EMAIL PROTECTED] | up screaming and you
Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | realize you haven't
D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
