Distributed Dictionary email slam

Matt Hess mhess at solarius.org
Sun Sep 5 21:39:50 UTC 2004


We are secondary MX for a specific domain that has been hammered since
Friday night. We've accumulated literally thousands of email messages in
our queue while the primary MX at the customer site is out of service
yet again. In looking at the queue, it appears that it's one heck of a
dictionary-based slam. The interesting thing about this is that it is
distributed: entire dictionary destination address ranges such as
bene*@domain.com come from one host (apparently with a trojan on it, or
otherwise), while benf*@domain.com come from yet a different host, and
so on down the alphabet, all the while constantly changing source hosts.
Now, since we are a secondary MX, I'm dropping their record out of our
email system as I write this; however, I am curious if others have gone
through or are currently going through something of this magnitude (12K
spam/dictionary msgs per hour destined to one domain, and that's just
what is getting past the blacklist checks). Normally I see my spam block
daemon at around 10 - 15 concurrent requests; right now it's tearing
along at around 160 - 180 concurrent bad connections.

And of course a few suggestions to mitigate this would be appreciated.
I currently employ multiple blacklists such as spamcop.net, abuseat.org,
SPEWS level 1 and 2, and Spamhaus, plus my own blocklists for China and
Korea to check incoming email source addresses.
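The pattern described above (nearly every message addressed to a never-before-seen local part, the local parts clustering by alphabetical prefix, and each prefix cluster arriving from a different source host) can be picked out of per-recipient logs automatically. The following is an added example, not code from the original post or from any tool mentioned in it. It assumes a simplified, constructed log format of one line per RCPT TO (ISO timestamp, client IP, recipient address), such as a spam-blocking daemon or MTA policy filter might be configured to emit; the sample lines, thresholds and the names `parse_log`, `analyse` and `flagged_domains` are all assumptions of this example.

```python
"""Flag a distributed dictionary attack against a destination domain.

Signals used, following the behaviour described in the post:
  * almost every message goes to a distinct recipient (new_rcpt_ratio),
  * the recipients' local-part prefixes each come from a single source IP
    (one host walks bene*, another walks benf*, ...),
  * each source IP works exactly one prefix block,
  * many distinct source hosts are involved.
A legitimate bulk sender (one host, many prefixes) or normal traffic
(repeat recipients, few hosts) does not match all four at once.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines in the assumed format; not taken from the original post.
SAMPLE_LOG = """\
2004-09-05T20:00:00 10.0.0.1 benea@domain.com
2004-09-05T20:01:00 10.0.0.1 beneb@domain.com
2004-09-05T20:02:00 10.0.0.1 benec@domain.com
2004-09-05T20:03:00 10.0.0.2 benfa@domain.com
2004-09-05T20:04:00 10.0.0.2 benfb@domain.com
2004-09-05T20:05:00 10.0.0.2 benfc@domain.com
2004-09-05T20:06:00 10.0.0.3 benga@domain.com
2004-09-05T20:07:00 10.0.0.3 bengb@domain.com
2004-09-05T20:08:00 10.0.0.3 bengc@domain.com
2004-09-05T20:00:30 192.0.2.10 alice@example.org
2004-09-05T20:03:30 192.0.2.11 bob@example.org
2004-09-05T20:05:30 192.0.2.10 alice@example.org
2004-09-05T20:07:30 192.0.2.11 bob@example.org
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([^@\s]+)@(\S+)$")


@dataclass
class DomainStats:
    messages: int
    distinct_recipients: int
    distinct_sources: int
    per_hour: float               # observed delivery attempts per hour
    prefix_clusters: int          # distinct local-part prefixes seen
    single_source_prefixes: int   # prefixes whose recipients all came from one IP
    single_prefix_sources: int    # IPs that only ever hit one prefix
    is_attack: bool


def parse_log(text):
    """Return a list of (timestamp, source_ip, local_part, domain) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        ts = datetime.fromisoformat(m.group(1))
        events.append((ts, m.group(2), m.group(3).lower(), m.group(4).lower()))
    return events


def analyse(events, prefix_len=4, min_messages=5, min_sources=3,
            new_rcpt_ratio=0.9, single_ratio=0.8):
    """Compute per-domain statistics and an attack verdict (thresholds are assumptions)."""
    by_domain = defaultdict(list)
    for ev in events:
        by_domain[ev[3]].append(ev)

    report = {}
    for domain, evs in by_domain.items():
        times = [e[0] for e in evs]
        span = (max(times) - min(times)).total_seconds()
        per_hour = len(evs) * 3600 / max(span, 60)   # avoid dividing by a zero span

        recipients = {e[2] for e in evs}
        sources = {e[1] for e in evs}
        prefix_sources = defaultdict(set)   # prefix -> IPs that targeted it
        source_prefixes = defaultdict(set)  # IP -> prefixes it targeted
        for _, ip, local, _ in evs:
            prefix = local[:prefix_len]
            prefix_sources[prefix].add(ip)
            source_prefixes[ip].add(prefix)
        single_source = sum(1 for ips in prefix_sources.values() if len(ips) == 1)
        single_prefix = sum(1 for ps in source_prefixes.values() if len(ps) == 1)

        is_attack = (
            len(evs) >= min_messages
            and len(sources) >= min_sources
            and len(recipients) / len(evs) >= new_rcpt_ratio
            and single_source / len(prefix_sources) >= single_ratio
            and single_prefix / len(sources) >= single_ratio
        )
        report[domain] = DomainStats(len(evs), len(recipients), len(sources), per_hour,
                                     len(prefix_sources), single_source, single_prefix,
                                     is_attack)
    return report


def flagged_domains(text):
    """Domains in the log that match the distributed-dictionary pattern, sorted."""
    return sorted(d for d, s in analyse(parse_log(text)).items() if s.is_attack)


if __name__ == "__main__":
    for domain, stats in analyse(parse_log(SAMPLE_LOG)).items():
        print(domain, stats)
```

The prefix length of 4 mirrors the bene*/benf* blocks in the post; on a real queue you would sweep a few lengths and watch for the source-to-prefix mapping to become one-to-one, which is what separates this from a single bulk sender or from a busy domain whose many recipients are reached by many unrelated hosts. Rejected-by-blacklist connections should be fed in as well where the daemon logs them, since the post's 12K/hour figure counts only what survived the blacklist checks.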




More information about the NANOG mailing list