Max Kipness max at
Fri Feb 6 19:45:31 GMT 2009

Today I noticed that all of a sudden email was delayed by quite a bit.
When I ran my queue script I realized there were over 7k emails waiting
in the inbound queue. Also when running dmesg, I got:


possible SYN flooding on port 25. Sending cookies.


This was printed about 20 times.


In the maillog, I found tons emails from 'user at', literally.


I've now entered:


user at         DISCARD


in /etc/mail/access 


This seems to be stopping them for now, but I have thousands in the
incoming still that I guess need to be quarantined as spam yet.


Has anybody else seen this? Is this an attack of some sort? Each email
seems to be from a different IP even though they all say they are from
user at



-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list