On 10/22/2004 11:32 PM +0200, Kai Schaetzl wrote:

For about 48 hours I have been seeing an increase in attempts to unload spam to our
clients. Many of the connects seem to be endless = they keep the sendmail
process open with almost no data until I kill them after a while. This
happens on several machines, sometimes looking a bit like a "wave", and
many of the target email addresses are no longer on these machines but
have moved to another MX. It looks like old MX records from
half a year ago or so have been activated. But the stuff comes from dialups all
over the world, so it can't be some provider's nameserver handing out
bogus info.

It's not in any way near a DoS attack, but I'm curious. Anyone seeing
similar mysterious spam waves?

Kai

Some spam software lets other hosts do the MX lookups and feed the zombies
with the target email addresses and the IP to send the spam to.
This way the zombies do not need to do MX lookups when they spam.
Thus, if you move a domain to a different MX, the old one will still
be hammered with spam for the moved domain.

Regards,
Niek
--
_______________________________________________________________________
Read about mime: http://www.geoapps.com/nomime.shtml
Read about quoting: http://www.netmeister.org/news/learn2quote.html
Read about disclaimers: http://www.goldmark.org/jeff/stupid-disclaimers
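
Added example, not part of the original thread: one way for the operator of the old MX to confirm the pattern Niek describes is to group delivery attempts by recipient domain and flag the domains whose current MX set no longer names this host. The function name, the input shapes, the host names and the sample data are assumptions constructed for illustration; in production `current_mx` would come from live MX lookups and `attempts` from the mail log.

```python
from collections import defaultdict

def norm(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")

def stale_mx_report(attempts, current_mx, my_names):
    """Group delivery attempts for domains whose current MX set no longer
    includes this host (senders working from pre-resolved, outdated MX data).

    attempts   -- iterable of (client_ip, rcpt_address) pairs
    current_mx -- {domain: [mx hostnames]} as resolved today (assumed input)
    my_names   -- hostnames this server is known by
    Returns {domain: {"attempts": int, "clients": set of client IPs}}.
    """
    mine = {norm(n) for n in my_names}
    mx = {norm(d): {norm(h) for h in hosts} for d, hosts in current_mx.items()}
    report = defaultdict(lambda: {"attempts": 0, "clients": set()})
    for client_ip, rcpt in attempts:
        local, sep, domain = rcpt.strip("<> ").rpartition("@")
        if not sep or not local:
            continue  # malformed recipient, nothing to classify
        domain = norm(domain)
        hosts = mx.get(domain)
        if hosts is None or hosts & mine:
            continue  # no MX data for the domain, or we are still a valid MX
        report[domain]["attempts"] += 1
        report[domain]["clients"].add(client_ip)
    return dict(report)

# Constructed sample data (documentation IP ranges and example domains).
SAMPLE_MX = {
    "moved.example": ["mx.newhost.example."],
    "still-here.example": ["mail.oldhost.example.", "mx2.backup.example."],
}
SAMPLE_ATTEMPTS = [
    ("192.0.2.10", "<alice@moved.example>"),
    ("198.51.100.7", "bob@MOVED.example"),
    ("192.0.2.10", "carol@moved.example"),
    ("203.0.113.5", "dave@still-here.example"),
    ("203.0.113.9", "erin@unknown.example"),
    ("203.0.113.9", "not-an-address"),
]

if __name__ == "__main__":
    result = stale_mx_report(SAMPLE_ATTEMPTS, SAMPLE_MX, ["mail.oldhost.example"])
    for domain, info in result.items():
        print(domain, info["attempts"], sorted(info["clients"]))
```

Many distinct client addresses all targeting a domain that moved away months ago point to senders working from cached target lists rather than from a DNS problem.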