From: Adam D (emlistsgmail.com)
Date: Mon Aug 20 2007 - 09:42:10 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello list,

I have noticed a very large (over 2-5.5k+...) emails in one day, since
Friday, being sent to the same, SPAMer created, non existent account.
The logs are showing the SPAM/Virus being rejected for these reasons:

Helo command rejected: Host not found; from=<> from=<>
to=<jicdomainfeldomain.tld>
Client host rejected: cannot find your hostname [...] from=<>
to=<jicdomainfeldomain.tld>

For some odd reason the SPAMer made up the account name by taking our
domain name and flanking it on both sides with 3 letters to form a new
account which will never make it through our server.

We are constantly being bombarded with emails sent from all over the
internet with this same address. The IP addresses are constantly
changing but some are coming from the same IP address with different
helo domain names. (So far, the highest amount of email sent from the
same IP is 68 but I really do not think spending the time blocking IP
address will rid our selves of this annoying issue. The constant
variable from the reject is the 'jicdomainfeldomain.tld' address and it
is now reached into the very, very, very annoying stage. I am guessing
we are being bombarded with this SPAM from an active bot net thus the
constant change of IP address. The SPAM are being blocked at the front
door with proper SMTP rejects but it is a nuisance and the logs are
being plagued from this and it is like there is a loud mob outside the
port just trying to get into the server. So far the server is handling
the onslaught of email quite well but I do not want to wait for it to
reach the DOS stage.

Is there is a way to further quite the SPAM as to keep it from trying to
access our server period and not take up so much room in the logs?

Thank you,
-Adam

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]