I've had a colo'd server with ServerMatrix/ThePlanet (for personal and friend's sites) for about 9 months now without problem.. Today I went checking in orbit, their backend thing to see my bandwidth usage.. I was surprised to see about 1.5mbit/s sustained usage.. Investigating further, I found an IP, 126.96.36.199 had tons of SMTP connections open to my system..
Qmail is the mail server I run (primarily because it was easy to setup) and I know that it's not an open relay (at least the configuration isn't, and any online open relay test I could find said it isn't). Anyways, looking at my logs, it looks like that system was constantly trying to send messages through my system.. It seems that qmail was accepting the messages but obviously not delivering them. Anyways, I blocked that ip and all's well now, but I'm wondering if any of you have had this happen?
I put in a script to alert me of huge bandwidth spikes like that, but it freaked me out thinking what the overage would cost me if I didn't notice it until later. Anyone else seen something like that? Anyone know what "Flexible Technologies" is? I'm assuming it's a spammer, but I don't know for sure.
Unfortunately it is a common problem these days with any mail system that is configured for "catch-all" accounts. One solution is to install the Qmail chkuser patch which will check Vpopmail first to see if the account exists before accepting the mail for delivery.
A good spot to stop by for advice/tutorials on the chkuser patch is: http://www.shupp.org, Bill does a great job with the Qmail toaster he has running over there and runs a very good mailing list.
Hope this helps,
The Maag Group - Intelligent IT Solutions • Colocation • Dedicated Servers • Server Administration • www.maaggroup.com • 877.622.4477