Re: being mailbombed..or something

From: Matthias Schmidt (betaadmilon.net)
Date: Tue Jan 01 2008 - 19:29:16 CST


On Tue, 1 Jan 2008 17:31:29 -0500 Wietse Venema wrote:

>JD Bronson:
>> I am looking for any advice on how to mitigate an attack.
>>
>> I appear to be under attack from IPs all over the world attempting
>> to send email to one of my domains with all invalid usernames:
>>
>> For example:
>> 1 Laasixcompanies.com (<>)
>> 1 Leitnerkkiwhsixcompanies.com (<>)
>> 1 lemerandsixcompanies.com (<>)
>> 1 Linassixcompanies.com (<>)
>> 1 Littleflowersixcompanies.com (<>)
>> 1 Lounekmmhvpsixcompanies.com (<>)
>> 1 isabelle.lundquistsixcompanies.com (<>)
>> 1 merloptlqsixcompanies.com (<>)
>> 1 Mikhail-Rowensixcompanies.com (<>)
>> 1 Miu_Connollysixcompanies.com (<>)
>> 1 Natorywasixcompanies.com (<>)
>> (tons and tons of these)
>
>Backscatter. Joe-job.

I don't think so.
Imho it is a botnet spam attack.
There is a discussion about this on the
SpamAssassin list at the moment.
The thread is called Re: DDOS, Dictionary Attack... not sure what it is...

One solution is imho to require that an IP resolves; this already drops
more than 90% of such mails, and the rest gets blocked by DNSBLs like Spamhaus.

Check the thread out; there are a couple of suggestions to solve the problem.

Thanks and all the best

Matthias
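
The two checks suggested in the message above (require that the connecting IP resolves, then consult a DNSBL), written as an added example that is not part of the original post. It assumes the MTA is Postfix 2.3 or later, which the message does not state; the restriction names are standard Postfix ones and `zen.spamhaus.org` is Spamhaus's combined zone.

```cfg
# /etc/postfix/main.cf (fragment) -- assumed MTA: Postfix >= 2.3

smtpd_recipient_restrictions =
    # Local and authenticated clients are never subjected to the checks below.
    permit_mynetworks,
    permit_sasl_authenticated,
    # Never relay for strangers; must come before any later permit.
    reject_unauth_destination,
    # Refuse unknown local parts at RCPT time instead of accepting and
    # bouncing later, so the dictionary run generates no backscatter.
    reject_unlisted_recipient,
    # "Require that an IP resolves": reject clients with no PTR record.
    reject_unknown_reverse_client_hostname,
    # Stricter alternative: also require that the PTR name resolves back
    # to the client IP. Rejects more misconfigured legitimate senders.
    #reject_unknown_client_hostname,
    # Whatever is left is checked against the DNSBL.
    reject_rbl_client zen.spamhaus.org

# Reply code used by reject_unknown_client_hostname. Keeping the 450
# default makes a DNS outage cause a retry, not a permanent bounce.
unknown_client_reject_code = 450
```

Cheap local checks are listed before the DNSBL lookup so that most connections are refused without an external DNS query. Review the reject lines in the mail log after enabling the reverse-DNS checks, since legitimate senders with broken PTR records will be refused too.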