Server getting spammed - what to do?
raine 03-27-2003, 06:42 PM I'm getting attacked by spam on my server which has resulted in my Exim failing over and over again... it also resulted in my server slowing down...
From what I gather, someone has a grudge with one of my sites and is running some sort of program that sends it many, many e-mails (thousands) that all say "all you [website] is belong to us"
Every e-mail is sent from a different account.
What should I do?
IGobyTerry 03-27-2003, 06:46 PM Block all emails. Try to find out the provider of the email accounts, and then once you have figured that out, start up POP3 again.
I don't think any of your customers will lose any emails as most email servers try over and over again to deliver the mail for 24 hours.
Although I'm not exactly sure. Maybe one of the more experienced members could help ya out.
raine 03-27-2003, 07:21 PM the sad thing is... they just shut down my server... pinged it so much it just went dead i think
threats made by the user:
[on us banning them] : You ban me, I bring a world of havoc upon you...not a threat, just an insight to my way of thinking...
Also, you can't ban me, I have about 50,000 proxies waiting for people like you:)
[later] : Read above, and please...for the sake of the forums well being, don't test me.
[when a mod changed their nickname to something bad] Whomever changed my custom title may want to consider changing it back...or else...
[after we started suffering from slowdowns and mass spam] : Funny...the site keeps getting slower and slower by the minute. I wonder what's wrong...
Different IPs the user used:
132.32.201.10
24.220.111.188
24.220.0.48
The sad thing is that I'm being threatened by someone and being taken down and I don't know what I can do about it...
Suggestions, please?
alapo 03-27-2003, 07:33 PM You may be able to filter by subject, and block all emails with that subject. BTW the correct term is "Mail Bombing".
raine 03-27-2003, 07:59 PM unfortunately, every e-mail has a randomly generated subject line =(
raine 03-27-2003, 10:52 PM This is odd - I don't know how to translate this:
Does this mean someone is spamming with my site?
Exim statistics from 2003-03-27 07:16:12 to 2003-03-27 21:47:14
Grand total summary
-------------------
At least one address
TOTAL Volume Messages Hosts Delayed Failed
Received 11MB 10861 22 7860 72.4% 488 4.5%
Delivered 23MB 24698 65
Deliveries by transport
-----------------------
Volume Messages
local_delivery 7878KB 8289
remote_smtp 3761KB 3617
virtual_userdelivery 12MB 12792
Messages received per hour (each dot is 86 messages)
----------------------------------------------------
00-01 0
01-02 0
02-03 0
03-04 0
04-05 0
05-06 0
06-07 0
07-08 740 ........
08-09 222 ..
09-10 74
10-11 165 .
11-12 75
12-13 1691 ...................
13-14 4285 .................................................
14-15 783 .........
15-16 798 .........
16-17 320 ...
17-18 655 .......
18-19 93 .
19-20 523 ......
20-21 212 ..
21-22 225 ..
22-23 0
23-24 0
Deliveries per hour (each dot is 203 deliveries)
------------------------------------------------
00-01 0
01-02 0
02-03 0
03-04 0
04-05 0
05-06 0
06-07 0
07-08 46
08-09 24
09-10 65
10-11 131
11-12 89
12-13 4584 ......................
13-14 10127 .................................................
14-15 3936 ...................
15-16 3650 .................
16-17 385 .
17-18 643 ...
18-19 72
19-20 521 ..
20-21 206 .
21-22 219 .
22-23 0
23-24 0
Time spent on the queue: all messages
-------------------------------------
Under 1m 3017 92.7% 92.7%
5m 57 1.8% 94.4%
15m 132 4.1% 98.5%
30m 27 0.8% 99.3%
1h 13 0.4% 99.7%
3h 7 0.2% 99.9%
Over 1d 2 0.1% 100.0%
Time spent on the queue: messages with at least one remote delivery
-------------------------------------------------------------------
Under 1m 964 80.4% 80.4%
5m 57 4.8% 85.2%
15m 132 11.0% 96.2%
30m 27 2.3% 98.4%
1h 13 1.1% 99.5%
3h 4 0.3% 99.8%
Over 1d 2 0.2% 100.0%
No relayed messages
-------------------
Top 50 sending hosts by message count
-------------------------------------
9530 9213272 (skylight.gleemhost.net)
1306 1542139 local
3 10860 omr-m04.mx.aol.com
3 10846 omr-d02.mx.aol.com
2 3340 dong.sebank.se
1 73634 fep02-mail.bloor.is.net.cable.rogers.com
1 62184 maile.telia.com
1 62184 mailf.telia.com
1 8797 f56.pav2.hotmail.com
1 3615 omr-d05.mx.aol.com
1 3614 omr-m11.mx.aol.com
1 3613 omr-d03.mx.aol.com
1 3613 omr-m07.mx.aol.com
1 3613 omr-m08.mx.aol.com
1 3590 omr-d07.mx.aol.com
1 3588 omr-m09.mx.aol.com
1 3433 omiros.cytanet.com.cy
1 2776 mc3-s15.law16.hotmail.com
1 2761 f7.law8.hotmail.com
1 2613 goliath.sylaba.poznan.pl
1 2567 oe14.pav2.hotmail.com
1 1308 mail2.caramail.com
Top 50 sending hosts by volume
------------------------------
9530 9213272 (skylight.gleemhost.net)
1306 1542139 local
1 73634 fep02-mail.bloor.is.net.cable.rogers.com
1 62184 maile.telia.com
1 62184 mailf.telia.com
3 10860 omr-m04.mx.aol.com
3 10846 omr-d02.mx.aol.com
1 8797 f56.pav2.hotmail.com
1 3615 omr-d05.mx.aol.com
1 3614 omr-m11.mx.aol.com
1 3613 omr-d03.mx.aol.com
1 3613 omr-m07.mx.aol.com
1 3613 omr-m08.mx.aol.com
1 3590 omr-d07.mx.aol.com
1 3588 omr-m09.mx.aol.com
1 3433 omiros.cytanet.com.cy
2 3340 dong.sebank.se
1 2776 mc3-s15.law16.hotmail.com
1 2761 f7.law8.hotmail.com
1 2613 goliath.sylaba.poznan.pl
1 2567 oe14.pav2.hotmail.com
1 1308 mail2.caramail.com
Top 50 local senders by message count
-------------------------------------
857 493060 nobody
449 1049079 root
Top 50 local senders by volume
------------------------------
449 1049079 root
857 493060 nobody
Top 50 destinations by message count
------------------------------------
21081 20735722 local
1934 1897927 mx1.mail.yahoo.com
414 871506 skylight.gleemhost.net
273 269187 mx4.mail.yahoo.com
266 259249 mx2.mail.yahoo.com
70 39096 mailin-03.mx.aol.com
68 39698 mx3.hotmail.com
65 37568 mx2.hotmail.com
63 35205 mailin-01.mx.aol.com
58 32302 mailin-02.mx.aol.com
51 29006 mx.netins.net
50 27725 mailin-04.mx.aol.com
46 26781 mx4.hotmail.com
45 26081 mx1.hotmail.com
39 21779 gateway.attbi.com
19 10795 bb-md2.onetel.net.uk
17 9528 bb-md1.onetel.net.uk
17 9489 mail03.tpgi.com.au
12 6736 mail02.tpgi.com.au
8 4923 mail.strathfield.nsw.gov.au
7 3927 mail01.tpgi.com.au
5 2869 mail.decolin.com
5 2807 mx.lax.untd.com
5 2775 phillip.hogia.net
4 131560 mail.seb.se
4 2782 yabbse.org
4 2264 earthalliance.com
4 2256 fe.mail.jippii.net
4 2256 fpo.mail.dk
4 2200 mx10.tds.net
4 2184 eumailbox.mail.spray.net
4 2184 mail.tah-usa.net
4 2172 hargray.com.infoave.mail1.psmtp.com
3 1899 foxtrot4.barksdale.af.mil
3 1707 mk-cpfront-8.mail.uk.tiscali.com
3 1698 mk-cpfront-7.mail.uk.tiscali.com
2 1380 mx03.earthlink.net
2 1326 mail.thesnakehole.com
2 1191 mx01.charter.net
2 1176 fsirx.com
2 1166 mx2.optonline.net
2 908 keithloo.com
1 8797 mail.wacc.net
1 753 mx00.earthlink.net
1 720 mail-in.pol.net.uk
1 718 punt-1.mail.demon.net
1 704 mx01.iprimus.com.au
1 686 bubble.oceanfree.net
1 682 mx01.earthlink.net
1 673 mx06.earthlink.net
Top 50 destinations by volume
-----------------------------
21081 20735722 local
1934 1897927 mx1.mail.yahoo.com
414 871506 skylight.gleemhost.net
273 269187 mx4.mail.yahoo.com
266 259249 mx2.mail.yahoo.com
4 131560 mail.seb.se
68 39698 mx3.hotmail.com
70 39096 mailin-03.mx.aol.com
65 37568 mx2.hotmail.com
63 35205 mailin-01.mx.aol.com
58 32302 mailin-02.mx.aol.com
51 29006 mx.netins.net
50 27725 mailin-04.mx.aol.com
46 26781 mx4.hotmail.com
45 26081 mx1.hotmail.com
39 21779 gateway.attbi.com
19 10795 bb-md2.onetel.net.uk
17 9528 bb-md1.onetel.net.uk
17 9489 mail03.tpgi.com.au
1 8797 mail.wacc.net
12 6736 mail02.tpgi.com.au
8 4923 mail.strathfield.nsw.gov.au
7 3927 mail01.tpgi.com.au
5 2869 mail.decolin.com
5 2807 mx.lax.untd.com
4 2782 yabbse.org
5 2775 phillip.hogia.net
4 2264 earthalliance.com
4 2256 fe.mail.jippii.net
4 2256 fpo.mail.dk
4 2200 mx10.tds.net
4 2184 eumailbox.mail.spray.net
4 2184 mail.tah-usa.net
4 2172 hargray.com.infoave.mail1.psmtp.com
3 1899 foxtrot4.barksdale.af.mil
3 1707 mk-cpfront-8.mail.uk.tiscali.com
3 1698 mk-cpfront-7.mail.uk.tiscali.com
2 1380 mx03.earthlink.net
2 1326 mail.thesnakehole.com
2 1191 mx01.charter.net
2 1176 fsirx.com
2 1166 mx2.optonline.net
2 908 keithloo.com
1 753 mx00.earthlink.net
1 720 mail-in.pol.net.uk
1 718 punt-1.mail.demon.net
1 704 mx01.iprimus.com.au
1 686 bubble.oceanfree.net
1 682 mx01.earthlink.net
1 673 mx06.earthlink.net
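One way to read the report above, as an added example that is not part of the original post: it parses the "Top 50" sections and the Received total to show which sending host accounts for most of the inbound mail and how the locally generated mail splits between Unix users. The function names and the 50% threshold are assumptions of this example.

```python
import re

# Excerpt of the eximstats report posted above, spacing as it appears on this page.
REPORT = """\
Received 11MB 10861 22 7860 72.4% 488 4.5%
Top 50 sending hosts by message count
-------------------------------------
9530 9213272 (skylight.gleemhost.net)
1306 1542139 local
3 10860 omr-m04.mx.aol.com
Top 50 local senders by message count
-------------------------------------
857 493060 nobody
449 1049079 root
"""

ROW = re.compile(r"^(\d+)\s+(\d+)\s+(\S+)$")  # messages, bytes, host or user

def parse_sections(text):
    """Map each 'Top 50 ...' heading to its rows as (messages, bytes, name)."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Top "):
            current = sections.setdefault(line, [])
        elif current is not None and (m := ROW.match(line)):
            current.append((int(m[1]), int(m[2]), m[3]))
    return sections

def total_received(text):
    """Message count from the 'Received' row of the grand total summary."""
    return int(re.search(r"^Received\s+\S+\s+(\d+)", text, re.M).group(1))

def dominant_senders(text, threshold=0.5):
    """Sending hosts that account for more than `threshold` of received mail."""
    total = total_received(text)
    rows = parse_sections(text)["Top 50 sending hosts by message count"]
    return [(name, n, round(n / total, 3)) for n, _, name in rows if n / total > threshold]

def local_sender_share(text):
    """Split of locally generated mail by the Unix user that submitted it."""
    rows = parse_sections(text)["Top 50 local senders by message count"]
    total = sum(n for n, _, _ in rows)
    return {name: round(n / total, 3) for n, _, name in rows}

if __name__ == "__main__":
    print(dominant_senders(REPORT))    # one host sent most of the 10861 messages
    print(local_sender_share(REPORT))  # mail generated on the server itself, per user
```

In this report the two local senders add up to 1306 messages, the same figure listed for "local" under sending hosts, which is a quick consistency check when reading eximstats output.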
IGobyTerry 03-27-2003, 11:18 PM Top 50 destinations by message count
------------------------------------
21081 20735722 local
Top 50 sending hosts by volume
------------------------------
9530 9213272 (skylight.gleemhost.net)
1306 1542139 local
Fork Bomb? I don't really know man. Hopefully someone will help ya out.
raine 03-28-2003, 12:59 AM I've just received my 10,000th e-mail or so...
I'm hurting over here ;(
anyone know what I can do?
jingle 03-28-2003, 04:58 AM How many email accounts are receiving all those spams? Is it only one hosted domain affected?
How about adding those emails or domain to the /etc/mail/access as REJECT?
raine 03-28-2003, 04:34 PM How many email accounts are receiving all those spams? Is it only one hosted domain affected?
4 or 5 e-mail accounts are getting all the spam. Unfortunately, they are all the main e-mail accounts we use for the site.
All the e-mails are coming from randomly generated domains. None of them are from the same account, nor the same domain. And all of their subject lines are randomly generated strings.
Tough!
But even if I use something that stops them at the subject line, it will still reach my mail server and shut me down =(
jingle 03-28-2003, 06:15 PM Wow that's tough ...
Another suggestion: to ward off the attacks for the mean time, how about you set up a form mail CGI on your main website and then bounce off all affected emails with a message telling people to contact you via the form mail.
To prevent automated attack with this form mail CGI, require the sender to type in some numbers shown in an image on the page before the email can be sent.
Good luck!
Revnet 03-29-2003, 02:59 AM Hmmmm........
if say it was a webhosting company mail server and you only have like 20 e-mail addresses for e-mails related to sales, tech support, etc. etc...
here's what i do.
first what you do is, you post on your website what the exact subject line must be for the e-mail to be sent and received...
say for sales questions, the subject line has to be "Sales Question" in any case (uppercase, lowercase...)
it may cause trouble and confusion at first but it'll certainly stop spam by 99%. if people notice you aren't replying back, they'll visit the website and see the instructions... problem solved.
just do that for every single company e-mail (what subject line to allow and what not to).
what you can also do to separate possible "legit" e-mails from spam is to make it so... another inbox allows "possible legit" e-mails by checking whether one of the words in the suggested subject line is in the subject line... so for "Sales Question" either "Sales" or "Question" has to be in the subject line.
the rest goes into the spam mail in which case, gets flushed down the toilet.
it might be a tedious task, but it'll pay off in the long run.
i'm sure they've got a program that'll do all that for you in a much simpler way, but i tend to do things manually.
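The subject-line scheme described in the post above, as an added example that is not part of the original post: exact required subject goes to the inbox, a subject sharing one word goes to a "possible" folder, and the rest is treated as spam. The mailbox addresses, required subjects, folder names and function name are hypothetical.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Hypothetical rules: mailbox -> exact subject published on the website.
REQUIRED_SUBJECT = {
    "sales@example.com": "Sales Question",
    "support@example.com": "Support Request",
}

def triage(raw_message):
    """Return 'inbox', 'possible', 'spam', or 'unfiltered' for one raw message.

    Uses the To: header for simplicity; a real filter would use the envelope
    recipient supplied by the MTA (assumption of this example).
    """
    msg = message_from_string(raw_message)
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    required = REQUIRED_SUBJECT.get(rcpt)
    if required is None:
        return "unfiltered"          # no rule published for this mailbox
    # Decode RFC 2047 encoded-words so "=?utf-8?q?...?=" subjects compare correctly.
    subject = str(make_header(decode_header(msg.get("Subject", "")))).strip()
    if subject.casefold() == required.casefold():
        return "inbox"               # exact subject, any letter case
    words = set(re.findall(r"\w+", subject.casefold()))
    if words & set(required.casefold().split()):
        return "possible"            # at least one required word present
    return "spam"                    # everything else

# Constructed sample messages (not from the thread).
SAMPLES = [
    "To: sales@example.com\nSubject: sales question\n\nHi",
    "To: sales@example.com\nSubject: =?utf-8?q?Sales_Question?=\n\nHi",
    "To: sales@example.com\nSubject: Question about pricing\n\nHi",
    "To: sales@example.com\nSubject: xk29qpa7\n\nall you...",
    "To: owner@example.com\nSubject: hello\n\nHi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The required subject is published on the website, so this filters only senders who have not read that page; randomly generated subjects like the ones in this thread fall into the spam tier.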
ciqala 03-29-2003, 07:02 PM you could change your email links to a form based mailer so the email link is hidden in the script. then block all addresses except the address used in your form. if you use a randomly chosen address i.e. 12345abcde@mydomain.com then it will reduce the chance of them guessing the new address as well.
then you set your reply-to address on all mails you send to no-reply@mydomain.com and include in your email footer a link to the mail form asking for all communications to be directed through the site.