I will definitely be contacting you off list.

The problem I am running into now is that the iMail cannot support the sheer number of emails that are being put through. We are creating log files that are in the 300+ meg range and the server can no longer keep up with the SMTP requests. We also have a spool server which is running at about 100,000 e-mails behind (so the iMail server can't keep up to this level of attack and there are over 100,000 emails sitting in the queue on another server waiting to be delivered). I have just removed this client from our DNS servers (no more MX records etc.) as we have over 1000 other sites on our servers who can no longer get their forms working from their sites either (ARGH!!!!).

Darryl

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Wednesday, March 10, 2004 6:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] 2,000,000 + emails today

Hi Darryl-

We've been going through the same thing since early January - although not to the extent you're seeing it. We get 350,000 to 650,000 a day for one domain. Exactly the same pattern, though. Widely distributed IP addresses that indicate that the sender controls zombies or has placed these addresses in a "million addresses" CD.

We have quarantined the recipient domain onto a standby server, and we are collecting log files to use as evidence. I am in the process of fine-tuning the message parsing software I wrote, and I am extracting linked domain names from about 5,000 sample messages now. Hopefully, we will find a common beneficiary and be able to go after him.

I have found no good technical way to stop the attack. The positive side to this type of attack is that sending back a user-not-found error takes almost no bandwidth or server resources and prevents the actual message from being sent - all you get is a short SMTP dialog with the sender. Until you download some samples, then things really clog up.

Contact me off-list if you want to share specifics.
-Dave Doherty
Skywaves, Inc.

----- Original Message -----
From: "Darryl Koster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 10, 2004 5:48 PM
Subject: [Declude.JunkMail] 2,000,000 + emails today

So I have received over 2,000,000 emails today for just one domain name, it's been interesting and I have been trying to stop this myself and am having little or no luck at all figuring out what to do.

After looking at the headers of the e-mails I have found that he/she/basturd has many, many IPs (or spoofing of IPs) at their disposal.

Any suggestions on what to do? Basically this person, nay jacka** is sending a dictionary/whatevertheywanttoputin to the company (particular domain).

Frustrated

Darryl Koster

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
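
Dave's message above mentions extracting linked domain names from sample messages to look for a common beneficiary. The following Python sketch is an added example of that tally, not Dave's parsing software and not part of the original thread; the function names and the sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def body_text(msg):
    """Decode every text/* part (handles base64 and quoted-printable)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("latin-1"))  # never fails; URLs are ASCII
    return "\n".join(chunks)

def linked_domains(raw_message):
    """Domains linked from one message body, reduced to the last two labels.
    Assumption: two labels approximate the registered domain (no suffix list)."""
    domains = set()
    for url in URL_RE.findall(body_text(message_from_string(raw_message))):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed bracketed host
            continue
        labels = host.split(".")
        if len(labels) >= 2 and not labels[-1].isdigit():  # skip bare IPv4 links
            domains.add(".".join(labels[-2:]))
    return domains

def rank_beneficiaries(raw_messages):
    """Per domain, the number of messages linking to it, most common first."""
    counts = Counter()
    for raw in raw_messages:
        counts.update(linked_domains(raw))  # a set, so each message counts once
    return counts.most_common()

# Constructed sample messages (not taken from the thread).
SAMPLES = [
    "From: a@sender1.example\nContent-Type: text/plain\n\n"
    "Visit http://www.shop-a.example/deal now\n",
    "From: b@sender2.example\nContent-Type: text/html; charset=us-ascii\n"
    "Content-Transfer-Encoding: quoted-printable\n\n"
    '<a href=3D"http://cheap.shop-a.example/x?id=3D7">click</a> '
    '<img src=3D"http://img.other.example/p.gif">\n',
    "From: c@sender3.example\nContent-Type: text/plain\n\n"
    "http://shop-a.example/ and http://shop-a.example/again http://192.0.2.10/x\n",
]

if __name__ == "__main__":
    for domain, n in rank_beneficiaries(SAMPLES):
        print(f"{n:6d}  {domain}")
```

Sender addresses in the headers are deliberately ignored, since the thread notes the sources are widely distributed; only links in the body are counted.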
