tcsender email bombing

Dennis Simpson dennis at bconnex.net
Wed Nov 5 04:40:08 UTC 1997


> From jdc at milehigh.denver.net  Tue Nov  4 23:24:56 1997
> Date: Tue, 4 Nov 1997 21:25:07 -0700
> From: John-David Childs <jdc at nterprise.net>
> To: Dennis Simpson <dennis at bconnex.net>
> Cc: nanog at merit.edu
> Subject: Re: tcsender email bombing
> 
> On Tuesday November  4, 1997, Dennis Simpson <dennis at bconnex.net>
>  had this to say about "tcsender email bombing":
> 
> > Having seen fairly heavy loading on our mail server today, I decided
> > to see what might be going on.
> 
> Yes...2741 entries in my maillog since 11:00pm yesterday...but our
> mailserver barely hiccuped and I wouldn't have noticed for a day or two
> unless I came across your post.  What prompted you to go looking?
> 
> > Approximately one third of our email traffic today has come from this.

We keep a fairly close eye on our servers (most of the time :-) and
when we suddenly see one source responsible for a third of the spam,
it is worth making some effort to knock them off.

Taking the connections just to reject them seems like a real waste
to me, and so does logging it all.

> You may want to change your 451 errors into 571 errors at least for this
> particular domain.  From RFC1893:

Interesting point. I wonder how many people care what the reject code
is, compared to how many just note that it failed, and follow it up
as they would any failure, regardless of the failure code?

Thx,
dennis


