North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: tcsender email bombing

  • From: Dennis Simpson
  • Date: Tue Nov 04 23:42:59 1997

> From [email protected]  Tue Nov  4 23:24:56 1997
> Date: Tue, 4 Nov 1997 21:25:07 -0700
> From: John-David Childs <[email protected]>
> To: Dennis Simpson <[email protected]>
> Cc: [email protected]
> Subject: Re: tcsender email bombing
> 
> On Tuesday November  4, 1997, Dennis Simpson <[email protected]>
>  had this to say about "tcsender email bombing":
> 
> > Having seen fairly heavy loading on our mail server today, I decided
> > to see what might be going on.
> 
> Yes...2741 entries in my maillog since 11:00pm yesterday...but our
> mailserver barely hiccuped and I wouldn't have noticed for a day or two
> unless I came across your post.  What prompted you to go looking?
> 
> > Approximately one third of our email traffic today has come from this.

We keep a fairly close eye on our servers (most of the time :-) and
when we suddenly see one source responsible for a third of the spam,
it is worth making some effort to knock them off.

Taking the connections just to reject them seems like a real waste
to me, and so does logging it all.

> You may want to change your 451 errors into 571 errors at least for this
> particular domain.  From RFC1893:

Interesting point. I wonder how many people care what the reject code
is, compared to how many just note that it failed, and follow it up
as they would any failure, regardless of the failure code?

Thx,
dennis