From: Jason Fesler (no email)
Date: Mon Sep 01 2003 - 12:22:36 EDT
> My friendly mailserver and domains are in trouble :-(
> I'm getting a huge amount of connections to port 25 right now. The problem
> seems to be that a spammer is faking that he sends spam from my domain. The
> result is that mailservers all over the world bounce messages to my server.
That's called a "joe job".
> How can I handle this situation?
If any of the addresses he/she forged from are to non-users, send those to
/dev/null. Otherwise, set up a filter on your postmaster account, and
have it toss things appropriately. Some people like to reply to such
things, some people just want to put their head in the sand. Which
approach is better, I dunno. Depends on the scale I guess.
> I did a grep on the logfile (180 MB in the last 10 hours) and I got
> connections from more than 100.000 IP addresses. Please give me some advice.
How many of the bounces are going to legitimate users on your system? How
many users do you have? Are most of the bounces going to bounce on your
system too?
Sadly, I think your only reactions can be defensive :(.
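
The triage questions in the reply above (how many bounces reach real users versus non-users, and from how many hosts), worked as an added example that is not part of the original message. It assumes a simplified, constructed log format; `VALID_USERS`, `LOCAL_DOMAIN` and `triage` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified "from=<...> to=<...>" format;
# adapt LINE_RE to the real log format of your MTA.
SAMPLE_LOG = """\
Sep  1 10:00:01 mx smtpd[101]: client=192.0.2.10 from=<> to=<alice@example.org>
Sep  1 10:00:02 mx smtpd[102]: client=192.0.2.11 from=<> to=<qx7zk@example.org>
Sep  1 10:00:03 mx smtpd[103]: client=198.51.100.5 from=<bob@example.net> to=<alice@example.org>
Sep  1 10:00:04 mx smtpd[104]: client=192.0.2.10 from=<MAILER-DAEMON@example.com> to=<h2p9@example.org>
Sep  1 10:00:05 mx smtpd[105]: client=203.0.113.7 from=<> to=<Bob@Example.org>
"""

VALID_USERS = {"alice", "bob", "postmaster"}  # assumed local mailboxes
LOCAL_DOMAIN = "example.org"                  # assumed local domain

LINE_RE = re.compile(r"client=(\S+) from=<([^>]*)> to=<([^>]+)>")


def is_bounce(sender):
    """Bounces carry the null sender <>; some systems use MAILER-DAEMON@..."""
    return sender == "" or sender.lower().startswith("mailer-daemon@")


def triage(log_text, valid_users=VALID_USERS, domain=LOCAL_DOMAIN):
    """Split inbound bounces into those for real users and those for non-users."""
    stats = {"to_users": Counter(), "to_non_users": Counter(), "clients": set()}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        client, sender, rcpt = m.groups()
        local, _, rcpt_domain = rcpt.lower().rpartition("@")
        if not is_bounce(sender) or rcpt_domain != domain:
            continue  # ordinary mail, or not addressed to our domain
        stats["clients"].add(client)
        bucket = "to_users" if local in valid_users else "to_non_users"
        stats[bucket][local] += 1
    return stats


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    print("bounces to real users:", sum(s["to_users"].values()))
    print("bounces to non-users :", sum(s["to_non_users"].values()))
    print("distinct sending hosts:", len(s["clients"]))
```
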