[Gllug] Handling a new twist by spammers
Xander D Harkness
xander at harkness.co.uk
Mon Dec 9 14:43:57 UTC 2002
John Winters wrote:
>One of my machines functions as a secondary mail server (running Exim).
>I notice this morning that it has a large number of frozen messages and
>looking at them I find a new twist to the nuisance of spammers.
>
>Someone has been sending a large number of e-mails to randomly generated
>addresses, (like "fred101 at linuxemporium.co.uk",
>"fred102 at linuxemporium.co.uk" etc.) and then sending them to the
>*secondary* mail server. It accepts them because it doesn't know any
>better, then tries to pass them on, fails, tries to send them back to
>the originator, fails again and then freezes them.
>
I have seen this as I run exim on primary and secondary.
What I have done is to implement callout on the secondary mailservers,
these then check with the primary that mail can be delivered and will
only accept the mail once it has checked that it can forward it.
This does cause a greater load and for heavily stressed mailservers it
is inappropriate.
Kind regards
Xander
>
>It looks either like incompetence or a half-baked DoS attack. Is there
>anything that can be done to prevent this trick?
>
>TIA,
>John
>
>
>
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list