Re: Email Spam a bit of Hell
This WebDNA talk-list message is from 2004
It keeps the original formatting.
Sorry, I misunderstood your problem.

You could only allow SMTP connections from a known IP range until it stops.

Here is a posting explaining your problem.

http://www.nettwerked.net/auto-rep-hack.html

It sucks that you have to deal with this.

Salvatore B. D'Anna
DotNetNuke Hosting
V: (619)306-7606
F: (619)374-2268
http://DotNetNukeHosting.com

-----Original Message-----
From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of Sal
Sent: Monday, May 17, 2004 10:25 AM
To: WebDNA Talk
Subject: Re: Email Spam a bit of Hell

Hi Alex,

How are the connections to the SMTP allowed in the first place?
Do you do any kind of SMTP Authentication?

My server requires Authentication, i.e. username and password, before the connection is established.

Salvatore B. D'Anna
DotNetNuke Hosting
V: (619)306-7606
F: (619)374-2268
http://DotNetNukeHosting.com

-----Original Message-----
From: WebDNA Talk [mailto:WebDNA-Talk@talk.smithmicro.com] On Behalf Of Alex McCombie
Sent: Monday, May 17, 2004 6:07 AM
To: WebDNA Talk
Subject: OT: Email Spam a bit of Hell

I figured if nothing else you guys might relate to this. At best you might have some ideas that I haven't tried.

This weekend I noticed some unusual activity on the server. Essentially my EIMS server (email) was going crazy. Now I take great care in keeping all open relays locked down so even though at first it looked like a relay attack it turned out to be something completely different.

SMTP connections from email servers all over the world were constantly slamming the machine. At first I started looking at the IPs but they offered no common pattern. Since I keep the number of SMTP connections limited, the mail server was becoming essentially useless since the SMTP connection limit was constantly maxed.

Sooooo, doing some checking to see what the hell was going on I checked the error logs and discovered that each SMTP connection was trying to send email to a non-existing account at one of my domains (one of my primary domains to make matters worse). They would get an SMTP connection and then sit there until the server returned a 550 error (not valid address), only to be instantly replaced by the next random SMTP.

So in an effort to see WTF, I enabled the mail account and forwarded it to me briefly. Immediately my account was flooded with "FAILED to DELIVER" messages for some spam message. Some of the better returns showed originating IPs overseas. But remember, these messages had nothing to do with us or our server but rather simply had a wrong reply-to address (an invalid account on my primary domain).

Shoot me.

I tried opening the account up thinking I would just field the bounce backs... But after thousands it was clear this was not your average spam mailing and I might be dealing with hundreds of thousands or more! And of course the whole time these bounce backs are maxing out the server's ability to receive email.

So what's a poor bastard to do?

Basically the only thing I could come up with was to first reprogram any of the forms across various sites that used the domain name for form mail. That cleaned up all but one email account (the one on all our letterhead and business cards :-( and then change the DNS records to point the MX record to another machine. Currently that machine does NOT have an email server on it so the connections aren't going anywhere. Not sure I should even bother to try and set it up...

Sometime around 3 am or so I started seeing the first noticeable difference in email responsiveness as the DNS pointed the thousands of mail servers off to an uncaring IP.

Just hell. It's amazing how someone else's BS action can all but crush a network.

Anyway, I guess this isn't a cry for help as much as it is one for pity ..lol

If anyone has another idea I would love to hear it because I racked my brain trying to dig out from under this. I figure I will let the DNS sit for 2-3 days before I hold my breath and point it back.

My Monday started last night at 6pm...

I am tired ;-)!!!!

Alex

Alex J McCombie
Chief Information Officer
New World Media
Box 124
MartVille, NY 13111
888/892.6379
Alex@NewWorldMedia.com
http://OurClients.com
Interface Designer, WebDNA Programmer, Database Designer

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

__________ NOD32 1.762 (20040516) Information __________
This message was checked by NOD32 Antivirus System.
http://www.nod32.com
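
Added example, not part of the original thread: a log check for the pattern described above, where many unrelated mail servers try to deliver bounces to one address that does not exist and each gets a 550. The log format, the example.com addresses and the thresholds are assumptions constructed for illustration; they are not EIMS's real log format.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not EIMS's real format):
# <timestamp> ip=<client> from=<envelope sender> rcpt=<recipient> code=<reply>
LINE = re.compile(r"ip=(\S+) from=<([^>]*)> rcpt=<([^>]+)> code=(\d{3})")

# Constructed sample input; addresses use documentation ranges and example domains.
SAMPLE_LOG = """\
2004-05-16T22:01:03 ip=198.51.100.7 from=<> rcpt=<sales@example.com> code=550
2004-05-16T22:01:04 ip=203.0.113.21 from=<> rcpt=<sales@example.com> code=550
2004-05-16T22:01:04 ip=192.0.2.88 from=<MAILER-DAEMON@mx.example.net> rcpt=<sales@example.com> code=550
2004-05-16T22:01:05 ip=192.0.2.14 from=<bob@example.org> rcpt=<alex@example.com> code=250
2004-05-16T22:01:06 ip=198.51.100.99 from=<> rcpt=<sales@example.com> code=550
2004-05-16T22:01:07 ip=192.0.2.14 from=<bob@example.org> rcpt=<alxe@example.com> code=550
"""

def is_bounce_sender(sender):
    """Bounces carry the null reverse-path <>; some servers use MAILER-DAEMON."""
    return sender == "" or sender.lower().startswith("mailer-daemon@")

def find_backscatter_targets(log_text, min_hits=3, min_sources=3):
    """Return {recipient: (hits, distinct_source_ips)} for rejected bounce floods."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a delivery attempt line
        ip, sender, rcpt, code = m.groups()
        # Only rejected deliveries that look like bounces count; an ordinary
        # sender mistyping an address (last sample line) is ignored.
        if code == "550" and is_bounce_sender(sender):
            rcpt = rcpt.lower()
            hits[rcpt] += 1
            sources[rcpt].add(ip)
    # Many hits from many unrelated hosts for one dead address is the signature.
    return {r: (hits[r], len(sources[r])) for r in hits
            if hits[r] >= min_hits and len(sources[r]) >= min_sources}

if __name__ == "__main__":
    for rcpt, (n, ips) in find_backscatter_targets(SAMPLE_LOG).items():
        print(f"{rcpt}: {n} rejected bounces from {ips} distinct hosts")
```

A recipient reported here is a forged return address being hit by other servers' bounces, which is why the source IPs show no common pattern and why closing relays does not stop it.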