Am 2008-01-08 10:12:28, schrieb Joseph Brennan:
I don't understand how refusing after MAIL could take 6 times as much
resources as accepting the message. By refusing, you don't receive
the message body and you don't have to output the message to a mailer.
That has to use less resources than
Am 2008-01-02 10:14:51, schrieb Kelson:
Actually, it's still going on, but it doesn't have much of an impact
since the server rejects unknown recipients right away.
Here too, but it eats nearly 100% of System- and CPU-Resources...
It might be worth looking for a couple of addresses that get
Michelle Konzack [EMAIL PROTECTED] wrote:
since the server rejects unknown recipients right away.
Here too, but it eats nearly 100% of System- and CPU-Resources...
It might be worth looking for a couple of addresses that get hit
repeatedly and temporarily activating them
I have tried
Joseph Brennan wrote:
Michelle Konzack [EMAIL PROTECTED] wrote:
since the server rejects unknown recipients right away.
Here too, but it eats nearly 100% of System- and CPU-Resources...
It might be worth looking for a couple of addresses that get hit
repeatedly and temporarily activating
Mike Cisar wrote:
Since about the 26th of Dec I've had one particular
mailserver that has been dealing with a constant stream of crap... all
emails to unknown users, all of the email addresses seem consistent (either
3 'syllables'... an uppercased 'syllable', a lowercased 'syllable' and
another
Matthias Schmidt wrote:
Happy New Year everyone :-)
Am/On Tue, 1 Jan 2008 04:20:42 +0100 schrieb/wrote mouss:
John D. Hardin wrote:
On Mon, 31 Dec 2007, Mike Cisar wrote:
Even tried yanking the IP address off of the server over the
holidays in the hope that whatever
On Tue, 1 Jan 2008, mouss wrote:
Matthias Schmidt wrote:
best wishes to everybody, even spam senders ;-p (but spam won't be
tolerated, even today!).
Dunno about you, but after a significant increase in greeting card spam
today I had to rescind any wishes towards spammers that got away from
On Tue, 1 Jan 2008, mouss wrote:
John D. Hardin wrote:
On Mon, 31 Dec 2007, Mike Cisar wrote:
Even tried yanking the IP address off of the server over the
holidays in the hope that whatever it was would just give up. No
such luck, within a minute of reactivating the IP to the
On Tue, 1 Jan 2008, mouss wrote:
John D. Hardin wrote:
On Mon, 31 Dec 2007, Mike Cisar wrote:
Even tried yanking the IP address off of the server over the
holidays in the hope that whatever it was would just give up. No
such luck, within a minute of reactivating the IP
John D. Hardin wrote:
On Tue, 1 Jan 2008, mouss wrote:
Tarpitting may not be the right answer, because they have a lot
more resources than us
I may have misunderstood what Mike was saying in his original post - I
thought that the traffic was originating from a single IP and that
On 1 Jan 2008 [EMAIL PROTECTED] wrote:
However, labrea may be great software ... but it is certainly not
the software one wants to compete with a live machine for incoming
connections.
The way I run it, the IP addresses being tarpitted are IP addresses
that would be rejected anyway by zen et.
When I say tarpit I don't mean an MTA-native slow the SMTP
conversation down model, I mean a genuine TCP tarpit that plays games
with window sizes to trap the attacker - that's what LaBrea does.
I don't think the MTA should be tasked with tarpitting. Tarpitting is
a job for a dedicated
However, labrea may be great software ... but it is certainly not
the software one wants to compete with a live machine for incoming
connections.
The way I run it, the IP addresses being tarpitted are IP addresses
that would be rejected anyway by zen et. al. DNSBL checks - they are
On Tue, 1 Jan 2008, Robert - elists wrote:
When I say tarpit I don't mean an MTA-native slow the SMTP
conversation down model, I mean a genuine TCP tarpit that plays games
with window sizes to trap the attacker - that's what LaBrea does.
I don't think the MTA should be tasked with
On 1 Jan 2008 [EMAIL PROTECTED] wrote:
maybe I misread the laBrea docs that talk about capturing unused
ip Could you show me configuration you use for labrea
There are some patches you need to apply to use LaBrea this way. See
http://sourceforge.net/tracker/?group_id=70896atid=529395
why not use something like this that rejects ip blocks at the MTA level
http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html
it blocks anything on the DUL list which is a list the isp's put out of
which ip's shouldn't be sending mail.
the reject messages look
alex wrote:
why not use something like this that rejects ip blocks at the MTA level
http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html
it blocks anything on the DUL list which is a list the isp's put out of
which ip's shouldn't be sending mail.
the
Hi All,
A bit off topic since the users are all unknown so the traffic never makes
it to my spamassassin. But I am hoping that someone here may have seen the
same thing and have a solution for making the problem go-away :-)
I'm not sure whether it's supposed to be a DDOS attack, a dictionary
Mike Cisar wrote:
Hi All,
A bit off topic since the users are all unknown so the traffic never makes
it to my spamassassin. But I am hoping that someone here may have seen the
same thing and have a solution for making the problem go-away :-)
I'm not sure whether it's supposed to be a DDOS
On Mon, 31 Dec 2007, Mike Cisar wrote:
Even tried yanking the IP address off of the server over the
holidays in the hope that whatever it was would just give up. No
such luck, within a minute of reactivating the IP to the server
this morning the traffic was back to full flow.
Tarpit 'em.
I'm not sure whether it's supposed to be a DDOS attack, a dictionary
attack,
bunch-o-bots or what. Since about the 26th of Dec I've had one
particular
mailserver that has been dealing with a constant stream of crap...
That is, if a specific IP address tries sending to bad users more
Mike Cisar [EMAIL PROTECTED] wrote:
They don't seem to be coming from any
consistent IP address (or region). Problem is of course that the
mailserver's connections get tied up processing rejecting this crap (and
of course it's chewing up my transfer allocation bit by tiny bit).
The addresses
--On Monday, December 31, 2007 4:00 PM -0700 Mike Cisar
[EMAIL PROTECTED] wrote:
I haven't counted, but based on the flow, I'd estimate I've seen
about 1000 distinct IP's... that is what leads me to believe it's some
sort of distributed attack. There are some repeat recipients, from
John D. Hardin wrote:
On Mon, 31 Dec 2007, Mike Cisar wrote:
Even tried yanking the IP address off of the server over the
holidays in the hope that whatever it was would just give up. No
such luck, within a minute of reactivating the IP to the server
this morning the traffic was back to
Happy New Year everyone :-)
Am/On Tue, 1 Jan 2008 04:20:42 +0100 schrieb/wrote mouss:
John D. Hardin wrote:
On Mon, 31 Dec 2007, Mike Cisar wrote:
Even tried yanking the IP address off of the server over the
holidays in the hope that whatever it was would just give up. No
such luck,
25 matches
Mail list logo