[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Block notification / bounce mails (as in DDOS)

point the mx to 127.0.0.1 or localhost for 3 days

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of Koen
> Sent: Thursday, April 01, 2004 8:29 PM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Block notification / bounce mails (as in
> DDOS)
> 
> 
> Niek Baakman wrote:
> >> <question>
> >> What would you do when a spammer uses your mail-address as the "From:" 
> >> and the mails that are sent by the spammer get all bounced back by 
> >> legitimated mail-servers to your mailhandlers? All the bounces would 
> >> return to you - as you are the 'from' (assume a rate of 1.000 a 
> >> minute) and this traffic would kill your network-connection. You 
> >> wouldn't be able to receive any mail because your mailserver can no 
> >> longer handle the load
> >> </question>
> > 
> > - Apply filters on your mailserver.
> These filters will not react because my mailserver 'is' already dead.
> > - If it doesn't harm other employees: temp. change the mx record.
> How would changing my mx-records affect the outcome?
> When the first mailhandler can't handle the load, mail will be 
> picked up by 
> the 'backup-mailserver'..but this would in effect only cascade to 
> the other 
> (backup)mailservers and as a result they would eventually also 
> dye. I think 
> this is only a solution if I can add serveral (and I mean lots of) 
> backupmailservers so that the load is spread. I think this is not 
> really an 
> option.
> 
> Thanks for the reponse.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html