Randy wrote:
Ken A wrote:
Randy wrote:
Are you sure it's not spam bounces (joe job)?
This is more common than a spam attack
Ken
Yeah we get those in spurts, but this appears to not be the case. We are
getting thousands of connects from non MX hosts and many are blocked at
the smtp layer by our mail server. The connecting hosts are non valid
MXes which many do not resolve, are listed in Spamhaus and use fake HELO
all sending to a single e-mail address.
If that's the case then I guess there's not a lot you do about it other
than suck up the volume. About the only thing I can think of is to add a
check_recipient_access entry for that e-mail address to specifically
reject the mail before it gets as far as your RBL checks in postfix. At
least then you could save a bunch of hits against Spamhaus and reject
the mail as early as possible in the smtp process.
