user@domain.com spam?

Max Kipness max at assuredata.com
Fri Feb 6 19:45:31 GMT 2009


Today I noticed that all of a sudden email was delayed by quite a bit.
When I ran my queue script I realized there were over 7k emails waiting
in the inbound queue. Also when running dmesg, I got:

 

possible SYN flooding on port 25. Sending cookies.

 

This was printed about 20 times.

 

In the maillog, I found tons emails from 'user at domain.com', literally.

 

I've now entered:

 

user at domain.com         DISCARD

 

in /etc/mail/access 

 

This seems to be stopping them for now, but I have thousands in the
incoming still that I guess need to be quarantined as spam yet.

 

Has anybody else seen this? Is this an attack of some sort? Each email
seems to be from a different IP even though they all say they are from
user at domain.com.

 

Max

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090206/f37bc203/attachment.html


More information about the MailScanner mailing list