Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Distributed mailbombing on one address

From: Frank Bonnet (f.bonnetesiee.fr)
Date: Fri Mar 28 2008 - 10:14:11 CDT

Jorey Bump wrote:
> Frank Bonnet wrote, at 03/28/2008 10:17 AM:
>> The mailbox of a user here is literally mailbombed ( ~ 4 mails /
>> seconds )
>> I have checked into email syslog and it appears the attack seems
>> distrinuted
>> and comes from dozens of randoms servers ...
>> I have setup a new account for the user but the attack still continues.
>> For now I have aliased the attacked address to /dev/null but I wonder
>> what would be the most efficient (which generate the smalest load of
>> the server)
>> method to refuse/discard emails for this address ?
> This could be backscatter:
> http://www.postfix.org/BACKSCATTER_README.html

Thank you for this link

I think the problem would be elsewhere I've found a *lot* of references
to the qmail-send program in syslog from a growing number of servers.

I have now modified the alias and redirect all emails to this address
on another isolated machine to analyse the log without disturbing our

let's see where doee it come from