An end to spam through Graphnet

Dana Hudes dhudes at
Fri Aug 1 21:01:39 UTC 1997

Hi folks,
Some time back before the latest round of cable cuts and BIND
you may recall that I notified everyone that Graphnet was being
abused to transit spam. An ugly mess -- between the bounces and
the flood of 'remove' from angry recipients plus one wise guy who
impersonated our marketing
it brought a dual cpu sparc20 to its knees at its height, with
over 100mb on the mail queue awaiting re-delivery or more likely

We have put an end to this madness on our systems by building and
configuring the very latest Sendmail v8 and BIND 4.9.6 (attempts
to use v8 failed for being too Berkeley, on a Solaris 2.x system --
but don't start arguing that here please) in combination with
filters on our gateway router. Load has dropped way down on our
sparc20, and hopefully the spammers will go play with someone
else instead of futilely occupying bandwidth on our circuits.

Let this be an object lesson to those of you out there who have
yet to upgrade: the spammers will find you sooner or later. They
walk down every A record in every zone until they find a victim.
They look in public databases like RIPE to see what mailboxes are
registered for the zone and they use those names to try to get
past your sendmail filters and launch spam in your name (doesn't
work on us, I thought of that trick).
So go forth to and and compile.

Dana Hudes
