Re: Horiffic SPAM

From: Richard B. Johnson
Date: Wed Sep 24 2003 - 09:18:55 EST

Next message: Roman Zippel: "Re: log-buf-len dynamic"
Previous message: Stephen C. Tweedie: "Re: [PATCH] ide-io.c, kernel 2.4.22 Fix for IO stats in/proc/partitions, was Re: sard/iostat disk I/O statistics/accounting for2.5.8-pre3"
In reply to: Paul Dickson: "Re: Horiffic SPAM"
Next in thread: Helge Hafting: "[OT] Re: Horiffic SPAM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 23 Sep 2003, Andrea Arcangeli wrote:

> On Tue, Sep 23, 2003 at 02:11:59PM -0400, Richard B. Johnson wrote:
> > Hello all,
> >
> > I took root@xxxxxxxxxxxxxxxxxx off the linux-kernel list
> > for a few days so I can trap the spammers and write their
> > addresses to `ipchains`. I have been getting approximately
> > 12,000 email messages per day on that system, making it
> > impossible to use. It's all about the servers spreading
> > the M$ email virus with the phony message to update to the
>
> the baesyan algorithm learnt about them pretty quickly, so they don't
> hurt me anymore (besides some wasted bandwidth).
>
> I doubt answerning those messages will do any good besides generating
> more traffic, but I don't know the detail of the virus so I could be
> wrong.
>

Well it seems that fire-walling the SPAM servers is *not* a good idea.
They are persistant, gang up, and will not give up until they are
able to deliver the mail! When I firewall them, my network traffic
ends up being continuous SYN floods as every spam-server in the
country tries to connect. It doesn't do any good to set `ipchains` to
REJECT instead of DENY. They just keep on banging on the door.

This morning, there was too much traffic on our T3 link to use
a Web crawler, so I had to un-firewall my machine to get about
100,000 (maybe more) mail messages delivered and thrown away.
Procmail is throwing away everything as fast as it can. The
hard-disk LEDs are on continuously, and it takes about 20
seconds to log in. The machine has been eating SPAM mail since
7:00 this morning and it's now 10:15. Maybe, eventually, I
will be able to use my machine again.

To give you a hint of the size of the problem, my /var/log/messages
which logs sendmail activity is about 12 Gb in length. I truncated
it to zero this morning.

Richard B. Johnson
Project Engineer
Analogic Corporation
Penguin : Linux version 2.2.20 on an i586 machine (330.14 BogoMips).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roman Zippel: "Re: log-buf-len dynamic"
Previous message: Stephen C. Tweedie: "Re: [PATCH] ide-io.c, kernel 2.4.22 Fix for IO stats in/proc/partitions, was Re: sard/iostat disk I/O statistics/accounting for2.5.8-pre3"
In reply to: Paul Dickson: "Re: Horiffic SPAM"
Next in thread: Helge Hafting: "[OT] Re: Horiffic SPAM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]