max at assuredata.com
Fri Feb 6 19:45:31 GMT 2009
Today I noticed that all of a sudden email was delayed by quite a bit.
When I ran my queue script I realized there were over 7k emails waiting
in the inbound queue. Also when running dmesg, I got:
possible SYN flooding on port 25. Sending cookies.
This was printed about 20 times.
In the maillog, I found tons emails from 'user at domain.com', literally.
I've now entered:
user at domain.com DISCARD
This seems to be stopping them for now, but I have thousands in the
incoming still that I guess need to be quarantined as spam yet.
Has anybody else seen this? Is this an attack of some sort? Each email
seems to be from a different IP even though they all say they are from
user at domain.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner