On Tue, 12 Jun 2001, Mads Martin Jørgensen wrote:
Definitely. Question is, if you should forward a "sample" (header) of one of the spam-mails...
We cannot, because the problem never gets that far. Our mailserver rejects it as follows: [1]
Jun 12 08:15:39 ns1 postfix/smtpd[8096]: reject: RCPT from mailout01.sul.t-online.com[194.25.134.80]: 450
: Sender address rejected: Domain not found; from= to= [linebreaks by me]
Oh, I see... But I guess, you'd need at least some hops before mailout01...
So it never gets that far, it only causes a lot of work for our mailserver, which is exactly the point of a DoS-attack. Let's say he had 100 machines trying this. Then our mailserver would never do anything but reject these connections - hence Denial of Service.
Unless we of course started blocking these IPs ...
[1] And no -- it is not a possibility to let them through.
Hm. Why not let one (or two) through, to get to the Time and IP the spammer used? Maybe he's not even a t-online customer, but if, AFAIK t-online can and will relate IP and Time to an account and hence close that account. As far as I've read, T-Online is _not_ as ignorant about spamming as are, say, uunet *eg*... I myself get virtually _no_ spam from t-online users. So, I think, that letting a few mails through (e.g. by means of adding 'solar.phoenix.anet' to /etc/hosts for a few minutes (or so), as is also proposed in the parallel answer by Dirk), you'd get the data you need (and upon which t-online would react).
"Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
Should I know, who apj is? ;)

-dnh

--
Since attendees must wear their name tags, they must also wear shirts or blouses. Pants or skirts are also highly recommended. -- RFC 1391
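
Added example, not part of the original thread: a small Python tally of Postfix "Sender address rejected: Domain not found" rejects per connecting client, in the log format quoted above, to see which relays account for the load before deciding whether to block anything. The sample log lines, host names, addresses and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Matches smtpd reject lines in the format of the log excerpt in the thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>[45]\d\d) "
    r".*?Sender address rejected: (?P<reason>[^;]+);"
)

# Constructed sample lines (documentation IP ranges, made-up hosts and users).
SAMPLE_LOG = """\
Jun 12 08:15:39 ns1 postfix/smtpd[8096]: reject: RCPT from relay1.example.net[192.0.2.10]: 450 <a@nowhere.invalid>: Sender address rejected: Domain not found; from=<a@nowhere.invalid> to=<user@example.org>
Jun 12 08:15:41 ns1 postfix/smtpd[8097]: reject: RCPT from relay1.example.net[192.0.2.10]: 450 <b@nowhere.invalid>: Sender address rejected: Domain not found; from=<b@nowhere.invalid> to=<user@example.org>
Jun 12 08:15:42 ns1 postfix/smtpd[8098]: connect from mx.example.com[203.0.113.5]
Jun 12 08:15:44 ns1 postfix/smtpd[8099]: reject: RCPT from relay2.example.net[198.51.100.7]: 450 <c@nowhere.invalid>: Sender address rejected: Domain not found; from=<c@nowhere.invalid> to=<user@example.org>
Jun 12 08:15:47 ns1 postfix/smtpd[8100]: reject: RCPT from relay1.example.net[192.0.2.10]: 450 <d@nowhere.invalid>: Sender address rejected: Domain not found; from=<d@nowhere.invalid> to=<user@example.org>
"""


def tally_rejects(lines, reason="Domain not found"):
    """Count sender-address rejects per connecting client IP."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m and m.group("reason").strip() == reason:
            counts[m.group("ip")] += 1
    return counts


def block_candidates(counts, threshold):
    """IPs at or above the threshold. The IP is the last relay that
    connected to us (e.g. a provider's shared mailout host), not the
    original sender, so review the list before blocking anything."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts = tally_rejects(SAMPLE_LOG.splitlines())
    for ip, n in counts.most_common():
        print(f"{n:5d}  {ip}")
    print("over threshold:", block_candidates(counts, threshold=3))
```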