Andrew - Supernews wrote: >>>>>>"W" == W B Hacker <[EMAIL PROTECTED]> writes: > > > >> That 99.99% peak figure was reached here during a period of a few > >> hours during which we received more than _10 million_ connection > >> attempts caused by blowback of all forms, at a domain used only by > >> a handful of staff which normally gets a few thousand per day. > > W> Am I misreading something, or did you just indicate that a > W> (hopefully rare!) defect in one of your *own* hosting servers > W> cause *your own* MX the grief? > > Where on earth did you get that idea?
From the paragraph above - w/r 'broken forms...' et al. > > The scenario is this: > > 1) Some spammer (not anywhere near our network) sends out hundreds of > millions of spams using random forged addresses at our domain as the > envelope sender. OK. Story changes (again?) C'mon! I may have been born at *night*, but it wasn't *last* night. *snip* > Result: we end up receiving 300+ SMTP connections per sec, from > millions of different IPs all of which are actually mailservers. > Blocking by IP is no help (something like 50% of the traffic last time > was from IPs that made only _one_ connection during the extent of the > attack). There is nothing else to block on since the connections are > not otherwise distinguishable from real traffic. > 300+ /sec, yet 50% of the traffic was on ONE connection? Dunno if it is your arithmetic, veracity, or understanding of how to configure an MTA that is lacking - perhaps all of the above. But I cannot help. Gone.... Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
