Mike Cisar wrote:

Since about the 26th of Dec I've had one particular
mailserver that has been dealing with a constant stream of crap... all
emails to unknown users, all of the email addresses seem consistent (either
3 'syllables'... an uppercased 'syllable', a lowercased 'syllable' and
another uppercased 'syllable'... or 2 uppercased 'syllables').  They don't
seem to be coming from any consistent IP address (or region).  Problem is of
course that the mailserver's connections get tied up processing rejecting
this crap (and of course it's chewing up my transfer allocation bit by tiny
bit).

There's one more piece of data needed before you decide on a course of action: what kind of email is being sent. Are you getting first-order spam, or are you getting bounce messages?

If all the target addresses are in the same domain, it could be as simple as this:

1. Spammer picks a random domain name known to exist: yours.
2. Spammer generates a bunch of random addresses at that domain.
3. Spammer sends out junk to thousands of targets using these addresses.
4. Thousands of servers send you the bounces, the sender verification checks, etc.

This happened a couple of weeks ago with one of my domain names. Similar pattern of addresses:

FirstnameLastname@
FirstnameRandomwordLastname@
etc.

Actually, it's still going on, but it doesn't have much of an impact since the server rejects unknown recipients right away.

It might be worth looking for a couple of addresses that get hit repeatedly and temporarily activating them, or even turning on a catch-all for 20 seconds or so, to capture some of the messages and see whether you're dealing with a botnet or backscatter.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
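
An added example, not part of the original message: one way to triage messages captured from a briefly enabled address or catch-all, separating backscatter (bounces to forged senders) from spam sent directly. The sample messages and the `example.*` names are constructed, and it assumes the capturing server records the envelope sender in `Return-Path`.

```python
import email
from collections import Counter

# Constructed sample captures (not real traffic); example.org stands in for the hit domain.
BOUNCE = """\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: JohnBakerSmith@example.org
Subject: Undelivered Mail Returned to Sender
Auto-Submitted: auto-replied
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; someone@example.net
Status: 5.1.1
--b1--
"""

DIRECT = """\
Return-Path: <offers@bulk.example.com>
From: Offers <offers@bulk.example.com>
To: JohnBakerSmith@example.org
Subject: Limited time deal
Content-Type: text/plain

Buy now.
"""

def classify(raw):
    """Return ('backscatter' or 'direct', [indicators]) for one captured message."""
    msg = email.message_from_string(raw)
    hits = []
    if (msg.get("Return-Path") or "").strip() == "<>":
        hits.append("null envelope sender")          # bounces use MAIL FROM:<>
    if msg.get_content_type() == "multipart/report":
        hits.append("multipart/report (DSN)")        # delivery status notification
    if "mailer-daemon" in (msg.get("From") or "").lower():
        hits.append("From: MAILER-DAEMON")
    if (msg.get("Auto-Submitted") or "no").strip().lower() != "no":
        hits.append("Auto-Submitted set")            # automatic reply, not a human sender
    return ("backscatter" if hits else "direct"), hits

def tally(raw_messages):
    """Count verdicts across a capture window."""
    return dict(Counter(classify(m)[0] for m in raw_messages))
```

A capture that tallies almost entirely as backscatter points to forged senders at your domain; a mostly direct tally from scattered sources points to the botnet case.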
