Linode Forum
https://forum.linode.com/

Got Email DDOS attack
https://forum.linode.com/viewtopic.php?f=11&t=1148

Author:  komy [ Sat Sep 11, 2004 3:00 am ]
Post subject:  Got Email DDOS attack

Hi,

I recently noticed in my exim log that I am getting a lot of random emails sent to non-existent users at my domain.

These emails are just coming from random IPs and are sent to random non-existent users in my domain.

My exim setup only allows relay from localhost, and rejects all other relay. But I am now getting about 1-2 every 5 seconds and my reject log is jammed with those reject messages.

Is there any way I can block those spoofed emails? I have already set up a script for iptables to block access from those random hosts.

What should I do next?

Thanks.
Kevin

Author:  wirehead [ Sat Sep 11, 2004 6:49 pm ]
Post subject: 

Unfortunately, that's par for the course these days.

See, the spammers have realized that people are not posting their email addresses. So they've been guessing usernames at any domain they can find.

So if you can figure out how to block them, you've just fixed the spam problem.. :/

Author:  rjp [ Sun Sep 12, 2004 10:18 am ]
Post subject: 

While I don't really know much about exim (I use sendmail), I'm pretty sure that you can set it up to use DNS-based IP blacklists. I make use of the SBL and XBL at Spamhaus, and they nip quite a lot of spam in the bud. The SBL covers known spam operations, and the XBL lists known "zombie" machines that send spam and email worms. I also have a local block list to which I add systems that send junk but haven't been listed in the Spamhaus lists.

Author:  komy [ Sun Sep 12, 2004 3:38 pm ]
Post subject: 

Thanks for all the suggestions. And yes, my setup included all the possible means of spam protection, using SBL from various sources and rejecting relay from anywhere other than localhost.

I guess the question that I still have is: are there any additional ways that I can prevent spammers from sending mail to random users on my domain? Although I am already rejecting all mail to unknown users on my host, I am trying to see if there are ways to add additional means of protection on top of what I have: iptables blocking, rejecting open relay, rejecting unknown users, and the help of spamassassin.

When I am seeing an average of 1-2 emails sent to my domain's non-existent users every couple of seconds or so, I am starting to worry about the server load and my bandwidth limit.

Thanks for all your help!

Regards,
Kevin
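
The following Python example is added here and is not from any poster in the thread: it reads Exim rejected-RCPT log lines, lists source IPs that tried several different rejected recipients (candidates for the local block list and iptables script mentioned above), and reports what share of all rejections those sources account for. Assumptions: the log layout shown in the constructed sample, the threshold of three distinct recipients, and all function names.

```python
import re
from collections import Counter

# Constructed sample in the layout Exim 4 logs RCPT rejections; the text after
# the last colon depends on local configuration. Addresses are documentation ranges.
SAMPLE_LOG = """\
2004-09-11 03:00:01 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <qxzv@example.org>: Unknown user
2004-09-11 03:00:04 H=(mail.example.net) [192.0.2.10] F=<b@example.net> rejected RCPT <mary12@example.org>: Unknown user
2004-09-11 03:00:06 H=([10.1.1.5]) [198.51.100.7] F=<> rejected RCPT <sales9@example.org>: Unknown user
2004-09-11 03:00:09 H=(mail.example.net) [192.0.2.10] F=<c@example.net> rejected RCPT <jdoe77@example.org>: Unknown user
2004-09-11 03:00:13 H=host.example.com [203.0.113.44] F=<d@example.com> rejected RCPT <bob@example.org>: Unknown user
2004-09-11 03:00:15 H=(x) [203.0.113.45] F=<e@example.com> rejected RCPT <QXZV@example.org>: Unknown user
2004-09-11 03:00:20 1AbCdE-000123-4F <= u@example.org H=localhost [127.0.0.1] P=esmtp S=1024
2004-09-11 03:00:22 H=(mail.example.net) [192.0.2.10] F=<c@example.net> rejected RCPT <jdoe77@example.org>: Unknown user
""".splitlines()

# The greedy ".*" makes the match settle on the last bracketed address before
# "rejected RCPT", so a bracketed HELO literal such as H=([10.1.1.5]) is skipped.
REJECT_RE = re.compile(
    r"^\S+ \S+ .*\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? "
    r"(?:\S+ )*?rejected RCPT <(?P<rcpt>[^>]*)>"
)

def parse_rejects(lines):
    """Yield (source_ip, recipient) for each rejected-RCPT line; skip the rest."""
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            yield m.group("ip"), m.group("rcpt").lower()

def block_candidates(lines, min_distinct=3):
    """Sources that tried at least min_distinct different rejected recipients."""
    seen = {}
    for ip, rcpt in parse_rejects(lines):
        seen.setdefault(ip, set()).add(rcpt)
    return sorted(ip for ip, rcpts in seen.items() if len(rcpts) >= min_distinct)

def blockable_share(lines, min_distinct=3):
    """Fraction of all rejections that came from the block candidates."""
    lines = list(lines)  # allow a one-shot iterator such as an open file
    hits = Counter(ip for ip, _ in parse_rejects(lines))
    total = sum(hits.values())
    blocked = sum(hits[ip] for ip in block_candidates(lines, min_distinct))
    return blocked / total if total else 0.0

if __name__ == "__main__":
    print(block_candidates(SAMPLE_LOG), round(blockable_share(SAMPLE_LOG), 2))
```

A low share means the probes come from many one-off sources, in which case per-IP blocking removes little of the traffic.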

All times are UTC-04:00