Feeding the Phish
From an e-mail that really was (really) sent from one of my credit card issuers: “If you are concerned about the authenticity of this message, please click here.”
Mail DDOS
It appears as though I am experiencing an e-mail based DDOS. As near as I can tell, thousands if not millions of messages addressed to jslopez@xman.org are bouncing around the Internets as I write this. I have no idea why this e-mail address was selected (AFAIK, this address has never been a valid address). Furthermore, the DATA segment of the e-mails appears to be empty. Greylist rejects seem to cause many of the
The net effect of all this was to completely tie up my mail server and for the most part prevent any mail delivery. I’ve now tweaked the server a bit so I do eventually get mail, but it is still rather grim. So far, I’m killing connections to clients after two errors, I’ve trimmed my accept queue depth, and dramatically increased the number of simultaneous connections I will process. The overall effect has been pretty taxing on my mail server, and I still see significant delays in delivery times, so I’m all ears to any brilliant suggestions on how to address this problem.
If you are a mail admin and are wondering why your queues are backed up with tons of jslopez@xman.org e-mail, please, please kill it. I suspect thought that most of my mail is coming from bots, so I’ll probably need to start adding immediate filtering at connect time that drops suspected bots.
Is this happening to anyone else?