Well... My first thought would be to isolate this domain from my mail server, so that it isn't affecting my other customers.
Perhaps changing DNS (Change the IP for the server to something non-existent for now, like 192.168.0.1 or something.) Likely won't stop it immediately but might prevent new "Bots" from finding the server after you block existing ones. Also, block the domain in spamdyke. I think that will drop the connection at the SMTP level almost immediately, and prevent them from possibly finding a good username/password combo. This might free up enough resources to allow your other customers to start being able to send. Then maybe go through the logs, add IP's to IPTABLES, and hope the DNS changes prevent new bots from finding the server. Michael J. Colvin NorCal Internet Services www.norcalisp.com > -----Original Message----- > From: Sergio M [mailto:sergio...@gmail.com] > Sent: Tuesday, March 01, 2011 6:45 PM > To: qmailtoaster-list@qmailtoaster.com > Subject: Re: [qmailtoaster] SMTP attack > > Michael Colvin escribió: > > Are all of the username portions of the e-mail addresses legitimate e- > mails? > > IE, it looks like you cleansed the domain portion, but, in the log, are > the > > all, or most, of the e-mails legitimate? > > > > I've seen this with random attempts at guessing e-mails and passwords, > but > > not with all legit e-mails. > > > > If they are all legit, is the domain yours? Or is it theirs? (IE do > you > > host it as an ISP, or is this the only domain and you control it?) > > > > > > Michael J. Colvin > > NorCal Internet Services > > www.norcalisp.com > > > > > Hi Michael, > they are all legitimate email addresses, for one domain only though. > We host it as an ISP. > Thanks! > > -------------------------------------------------------------------------- > ------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and > installations. > If you need professional help with your setup, contact them today! > -------------------------------------------------------------------------- > ------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: qmailtoaster-list- > unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list- > h...@qmailtoaster.com > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
