On Sun, Sep 23, 2007 at 03:33:03PM -0700, patrick keshishian wrote:
> At around 1:40 PM (PDT) my SMTP server started getting flooded
> by an enormous amount of connections. The connections were for
> seemingly random "users" @my-domain-name.
>
> I'm running spamdb in greylist mode, but these servers were
> getting white-listed very quickly.
>
> $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
> 717

I've seen something *very* similar. In my case the "user" portions
seemed random at first glance, but some were repeated a LOT. See if you
have that, too. If so, enter those "random" addresses as SPAMTRAP
entries. That way they're blocked for 24 hours, and will reblock
themselves if they persist.

I had also done a log tailer that added to a blacklist, but that turned
out not to be needed with the above. ymmv.

-- 
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
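
One way to find the repeated "random" recipients suggested above, as an added example that is not part of the original thread: it counts GREY recipients seen from several distinct source IPs and prints (does not run) the matching `spamdb -T -a` commands. The function names, the threshold, the list of valid mailboxes and the sample lines are assumptions; the GREY field layout assumed is the one documented in spamdb(8).

```shell
#!/bin/sh
# Assumed spamdb line format (spamdb(8)):
#   GREY|src-ip|helo|<from>|<to>|first|pass|expire|block|pass

# trap_candidates MIN [valid-addr ...]   (spamdb output on stdin)
# Prints "count address" for recipients greylisted from at least MIN
# distinct source IPs. Real mailboxes passed as arguments are skipped.
trap_candidates() {
    min=$1; shift
    awk -F'|' -v min="$min" -v valid="$*" '
        BEGIN { n = split(tolower(valid), v, " ")
                for (i = 1; i <= n; i++) keep[v[i]] = 1 }
        $1 == "GREY" && NF >= 10 {
            rcpt = tolower($5)          # case variants count once
            gsub(/[<>]/, "", rcpt)
            # The recipient is sender-controlled: accept only a plain
            # address so it is safe to place in a command line later.
            if (rcpt !~ /^[a-z0-9._+-]+@[a-z0-9.-]+$/) next
            if (rcpt in keep) next
            if (!((rcpt, $2) in seen)) { seen[rcpt, $2] = 1; count[rcpt]++ }
        }
        END { for (r in count) if (count[r] >= min) print count[r], r }
    ' | sort -k1,1nr -k2,2
}

# Dry run: print the SPAMTRAP commands for review instead of running them.
trap_commands() {
    trap_candidates "$@" | while read -r n addr; do
        printf "spamdb -T -a '%s'\n" "$addr"
    done
}

# Constructed sample input (documentation IP ranges, example domains).
sample_spamdb() { cat <<'EOF'
GREY|192.0.2.10|mx1.example.net|<a@example.net>|<qzxv@example.org>|1190583600|1190598000|1190598000|1|0
GREY|198.51.100.7|host.example.com|<b@example.com>|<qzxv@example.org>|1190583700|1190598100|1190598100|1|0
GREY|203.0.113.5|relay.example.net|<c@example.net>|<QZXV@example.org>|1190583800|1190598200|1190598200|1|0
GREY|192.0.2.10|mx1.example.net|<d@example.net>|<jkl1@example.org>|1190583900|1190598300|1190598300|1|0
GREY|192.0.2.10|mx1.example.net|<g@example.net>|<jkl1@example.org>|1190583950|1190598350|1190598350|1|0
GREY|198.51.100.7|host.example.com|<e@example.com>|<postmaster@example.org>|1190584000|1190598400|1190598400|1|0
GREY|203.0.113.5|relay.example.net|<f@example.net>|<postmaster@example.org>|1190584100|1190598500|1190598500|1|0
WHITE|192.0.2.10|||1190583600|1190598000|1193708400|2|5
EOF
}

sample_spamdb | trap_commands 2 postmaster@example.org
```

On a live system the input would be `/usr/sbin/spamdb` itself; review the printed commands against the real user list before running any of them, since a trapped address blacklists every host that mails it.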