High CPU load, RCPT TO:

Matt Kettler mkettler at EVI-INC.COM
Tue Feb 1 20:03:28 GMT 2005


At 02:27 PM 2/1/2005, Dirk Enrique Seiffert wrote:
>I get lots of them, no idea why it has to be me: It's a simple mailserver for a
>small domain. We are relaying to maybe 1500 mails per day, not more. Since a
>few weeks these attacks started, I get them every few minutes.

It's not just you, it's *everybody*.

Spammers and worms are doing a LOT of address guessing these days. Everyone
on this list sees this kind of garbage hitting their servers every day. I
do not know of any servers that are not being attacked with rumplestiltskin
attacks.

My server, with a very similar mail profile, has been under a continuous
barrage of rumplestiltskin attacks since some time late in the day on July 8,
2004. I've never felt any pain from it, because I had BAD_RCPT_THROTTLE in
place long before the attacks started.

Even with BAD_RCPT_THROTTLE, MAX_RCPTS_PER_MSG, and
CONNECTION_RATE_THROTTLE, I'm still getting thousands of User unknown's per
day.

The big difference I'm seeing here is that most of my rumples are
coming from a wide variety of IPs and connections, instead of all from the
same connection. This limits the rate somewhat, but should they have tried
the method they are hitting you with on my server, the throttle will kick in.
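
An added example, not part of the original post: a short Python script that tallies "User unknown" rejections per connection and per client IP, which separates the single-connection guessing throttled above from the many-IP pattern that still gets through. The log lines are constructed and assumed to follow sendmail's usual syslog layout; summarize and per_conn_limit are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample, assumed to follow sendmail's usual syslog layout.
# Addresses come from documentation ranges; queue IDs are made up.
SAMPLE_LOG = """\
Feb  1 14:20:01 mx sendmail[4101]: j11EK1aa004101: <alice@example.org>... User unknown
Feb  1 14:20:01 mx sendmail[4101]: j11EK1aa004101: <bob@example.org>... User unknown
Feb  1 14:20:02 mx sendmail[4101]: j11EK1aa004101: <carol@example.org>... User unknown
Feb  1 14:20:03 mx sendmail[4101]: j11EK1aa004101: from=<x@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb  1 14:21:10 mx sendmail[4102]: j11EL1ab004102: <dave@example.org>... User unknown
Feb  1 14:21:10 mx sendmail[4102]: j11EL1ab004102: from=<y@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host.example.net [198.51.100.7]
Feb  1 14:22:40 mx sendmail[4103]: j11EM1ac004103: <erin@example.org>... User unknown
Feb  1 14:22:41 mx sendmail[4103]: j11EM1ac004103: from=<z@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
"""

UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <[^>]*>\.\.\. User unknown")
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=(?:\S+ )?\[([^\]]+)\]")


def summarize(log_text, per_conn_limit=3):
    """Tally 'User unknown' rejections per connection (queue ID) and per client IP.

    per_conn_limit is a hypothetical reporting threshold, not a sendmail setting.
    """
    rejects = Counter()  # queue ID -> rejected recipients
    relay_of = {}        # queue ID -> client IP from the from= line
    for line in log_text.splitlines():
        if m := UNKNOWN.search(line):
            rejects[m.group(1)] += 1
        elif m := RELAY.search(line):
            relay_of[m.group(1)] = m.group(2)

    per_ip = Counter()
    bursts = {}  # connections a per-connection throttle would act on
    for qid, count in rejects.items():
        ip = relay_of.get(qid, "unknown")
        per_ip[ip] += count
        if count >= per_conn_limit:
            bursts[qid] = (ip, count)
    return {"total": sum(rejects.values()), "sources": len(per_ip),
            "per_ip": dict(per_ip), "bursts": bursts}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} rejections from {report['sources']} client IPs")
    for qid, (ip, count) in report["bursts"].items():
        print(f"burst: {count} bad recipients on one connection from {ip} ({qid})")
```

A high total spread over many sources with few bursts is the distributed pattern; a handful of bursts accounting for most of the total is the single-connection pattern.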
