Hi all,

At around 1:40 PM (PDT) my SMTP server started getting flooded by an enormous amount of connections. The connections were for seemingly random "users" @my-domain-name.

I'm running spamdb in greylist mode, but these servers were getting white-listed very quickly.

    $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE
    717

Typical value for above is not more than 20. Traffic going in/out of my mail-server is minimal. I would remove them from the WHITE list and they would fill up almost immediately.

My guess is someone is using these faked addresses ([EMAIL PROTECTED]) to send out SPAM and I'm getting the bounces from these.

I'm basically looking for opinions as to how to combat this problem right now. I'm not even 100% on the bounced email theory, but this had happened to me once before back in May 2003, but the bounces were mainly from gc.ca domain.

I use gmane to read the list. If not too much to ask, please CC me on your reply(ies).

Thanks,
--patrick

p.s., Server is running cvs updated -rOPENBSD_4_1 code.

