Re: SMTP DDoS

[Karma <steve () localhost bigpond com>]

There isnt much you can do when the spammer has forged your FROM field to be
from you.

You can find the source of the mail from the SMTP headers, and perform a
whois and put a letter of complaint to their ISP. But chances are, their ISP
would just ignore you anyway.


----- Original Message -----
From: "Kip Sr." <kipsr1 () yahoo com>
To: <security-basics () securityfocus com>
Sent: Sunday, August 10, 2003 11:50 AM
Subject: SMTP DDoS


> Hi everyone,
>
> For the past 10 days, our mail exchange server has
> been getting flooded with emails. It appears that an
> attacker is sending out tons of spam through various
> open relays and using our address
> (sales () mycompany com) in the return path. so
> essentially, all bounced emails are coming back to our
> mail server - we're seeing about 30,000 NDRs per day.
> I am using filters to delete the incoming email, but
> does anyone else have any other ideas on how to get
> this stopped? Since the NDRs are coming from
> legitimate sources, checking for open relays wont do
> me any good.
>
> Help!!!
>
> Kip.
>
>
>
>
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------