[svlug] Sudden increase in spam volume
Kevin Smathers
kevin at ank.com
Thu Dec 7 10:53:52 PST 2006
Just wondering if anyone else has noticed a sudden spike in low-quality
spam at your domains. I'm seeing connect rates of about 10x the usual
volume at my mail server in less than a week. The quality is
exceptionally poor, probing random email addresses using what looks like
a dictionary attack, but has been sustained for at least 48 hours, with
no pattern that I can see in the attacking IP addresses (there literally
are hundreds of different hosts from all parts of the world in my mail
logs.)
I would just ignore it, but it is consuming a fair amount of bandwidth,
and some real mail is getting delayed/bounced due to forking limits that
I have set in qpsmtpd. I've added a tarpit for invalid RCPT messages
(10s penalty) in hopes of slowing them down, but I'll probably have to
bump up the forking limit to compensate.
If anyone else is running into this, I'd like to hear what you've
decided to do.
Cheers,
-kls
More information about the Svlug
mailing list