[UFO Chicago] Spam DOS -- ideas?
David W. Harks
dave at psys.org
Wed Sep 17 08:22:16 CDT 2003
Greetings, UFOers,

I'm faced with a problem:

One of the domains I host is getting flooded with spam. Literally thousands of
simultaneous connections from thousands of servers worldwide are beating on
my exim system.

To temporarily solve this, I've modified my MX to point to a server that can
be dedicated to the purpose of handling this flood. Also, I've configured
exim with jealous connection limits and to use SMTP VRFY, along with several
DNSBLs.

But this isn't stopping the thousands of connections which end up acting as an
effective email DOS. The servers sending the mail are actually (mostly)
legitimate, and when checked via ORDB and SpamCop, come back clean, but
they're attempting to send to thousands of nonexistent addresses @mydomain.
Of course, VRFY doesn't allow this, but the flood continues.

Any thoughts on how to fight back against this sort of thing? Would it be
better to NOT use VRFY, and just let thousands of bounces go out? I'm pretty
sure the senders are spoofing their addresses, so I think that would get lots
of bounces to the wrong folks. (although, perhaps THOSE folks might have
better luck contacting their various ISPs...) Firewalling off the addresses
isn't practical, since these are generally 'legitimate' servers (and, the
list of rules gets long -- over 11,000 unique addresses so far).

Any suggestions, experience, or ideas are welcome.

Thanks!

dave
--
David W. Harks <dave at psys.org> http://dwblog.psys.org