Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Spammers Attack?

Posted by Cliff on from the find-your-closest-flame-thrower dept.

Gothmolly asks: "After reading the recent spate of spam and anti-spam articles here on Slashdot, I decided to beef up the anti-spam security on my own domain. I run my own domain and mail server, running Qmail, along with rblsmptd. Mail that passes this gets hit with Spamassassin However, one particular spamhaus, Clickformail has particularly nasty servers, they try at least 2 SMTP connects/second, and I suspect that's only limited by my 384k DSL pipe. The impact on my box was non-zero, to say the least. I ended up putting a packet filter on their class C netblock to stop the barrage of log messages and increase in load (from 0.05 normal to 0.15). Has anyone else experienced such determined spammers, and what is the best way around it?"

2 of 16 comments (clear)

  1. Don't fool around! Hit 'em hard! by spoonist · · Score: 5, Interesting

    I dunno dude, but it sounds to me like you're the victim of a Denial of Service (DoS) attack. If I were you I would document each and every single occurance (time, size, IP addresses, etc) and attach a dollar value to each occurance (time spent, harddrive space filled up, bandwidth filled up, down time, new equipment bought to counter the threat, etc).

    Then give a call to the U. S. Secret Service Electronic Crimes Branch or the FBI National Computer Crime Squad or the National Infrastructure Protection Center.

    Note that each of these organizations has a dollar amount threshold. If the crime doesn't break the threshold (e.g. over $10k or something (I don't know the actual numbers, but I'm sure they can be found here)), then they won't investigate the crime.

  2. Tantalus by ChiefArcher · · Score: 5, Informative

    I wrote a sendmail milter called Tantalus that stops spammers from guessing usernames... Basicly if they hit X wrong email addresses on your SMTP server in X amount of time, they are blocked for X number of minutes... It's really fun to watch them guess that 100 or so names they guess and hit the Xth wrong one and just be shut out... :)
    It basicly picks up where spamassassin and RBL stops.... It's kinda fun to watch it in debug mode.... and it's free.

    http://www.linuxmailmanager.com/tantalus.html

    ChiefArcher