Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Daniele Guazzoni
www.mhs.ch _ - Original Message - From: "Rene Luria" <[EMAIL PROTECTED]> To: ; <[EMAIL PROTECTED]> Sent: Monday, November 27, 2006 5:58 PM Subject: [swinog] smtp attacks Hi folks, We are currently experiencing a heavy load on all our smtp inbound servers since

Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Matthias Hertzog
_ - Original Message - From: "Rene Luria" <[EMAIL PROTECTED]> To: ; <[EMAIL PROTECTED]> Sent: Monday, November 27, 2006 5:58 PM Subject: [swinog] smtp attacks Hi folks, We are currently experiencing a heavy load on all our smtp inbound servers since s

Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Michael Naef
On Monday 27 November 2006 20:43, Daniel Kamm wrote: > Graylisting possibly helps as well. Graylsiting screws up the system "E-Mail" and doesn't help if the other end is a regular mailserver (cracked useraccount...). I think the only long-term reliable means to the solution of this problem rema

Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Daniel Kamm
On Mon, 2006-11-27 at 17:58 +0100, Rene Luria wrote: > It is due to bounces coming from everywhere. Spamers using fake email > addresses from domains for which we are the MX. > > The amount of such emails (which we almost all reject, user unknown, > etc.. because of the fake email addresses) is en

Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Daniel Lorch
Hi > The problem was made worse by the fact that we had left the response > code for a reject due to unknown recipient as 4xx, so naturally one of > these emails resulted in many connection attempts if they came from a > real mail server (as opposed to a zombie). At one point we were up to > 500

Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Erik Rossen
On Mon, Nov 27, 2006 at 05:58:03PM +0100, Rene Luria wrote: > The amount of such emails (which we almost all reject, user unknown, > etc.. because of the fake email addresses) is enormous compared to > normal traffic (like 10 times what we have in general). > > Do any of you experience the same pr

Re: [swinog] smtp attacks

2006-11-27 Diskussionsfäden Stanislav Sinyagin
Many of those bounces aren't real bounces, but spam messages with virus attachments. we use Policyd (http://policyd.sourceforge.net/) with Postfix in front of the main mailserver (Plesk), and it offloads it significantly. Also the amount of spam has reduced dramatically. We use also Policyd f

[swinog] smtp attacks

2006-11-27 Diskussionsfäden Rene Luria
Hi folks, We are currently experiencing a heavy load on all our smtp inbound servers since saturday. It is due to bounces coming from everywhere. Spamers using fake email addresses from domains for which we are the MX. The amount of such emails (which we almost all reject, user unknown, etc.. be