[...ao.com...]
At the point where we finally sold the domain to be rid of this issue
(and make a few $) we were processing in excess of *300000* messages
a day. This is for a 7 person company. It was more than 50% of the
email processed by our ISP. Our DSL router throttled the SMTP
requests so we could get SOME work done during the day.
Hm? You're implying your ISP was handling your mail, but then you
imply you were handling your own mail. I'm a little confused.
The main reason I'm writing, though, is a bit different.
That there's a company I know that was in a somewhat similar position -
they were getting so much spam bounce blowback that they were shutting
off all incoming SMTP during the day to keep the machine up. I wrote a
very lightweight SMTP server for them; it accepts connections and talks
SMTP until it gets a valid recipient, and then - and only then -
connects through to the real SMTP server and passes protocol both ways.
It was very good at turning away mail to unknown addresses. There was
one time when some host in south-east Asia opened about 100 parallel
connections and started a dumb-as-rocks dictionary attack. It turned
away many tens of thousands of unknown recipients in something like
thirty seconds, and, even knowing exactly when it happened, I couldn't
find the blip on our load graphs - it was drowned out by the noise. If
I hadn't been reading the logs for other reasons and stumbled across it
I never would have known it happened at all.
Obviously, it's of no direct use to you now that you don't hold ao.com
any longer. But in case you - or anyone else - is interested, I got
their approval to open the code up; it's available to anyone who cares
to fetch a copy. ftp.rodents-montreal.org:/pub/mouse/misc/mail/shim.
is the place to look for those interested.
/~\ The ASCII                     Mouse
\ / Ribbon Campaign
 X  Against HTML                  mouse at rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
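The recipient-gating idea described in the message above, as an added example that is not the shim code offered on the FTP site and not part of the original post. The class name, the sample addresses, the reply texts and the replay-on-handoff approach are all assumptions made for illustration.

```python
# Added illustration: vet RCPT TO before any backend connection is opened.
# ShimSession, VALID_RCPTS and the reply strings are hypothetical names.
import re

VALID_RCPTS = {"alice@example.com", "sales@example.com"}  # constructed sample data
_ADDR = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^<>\s]*)>", re.IGNORECASE)

class ShimSession:
    """Speaks just enough SMTP to reject unknown recipients cheaply."""

    def __init__(self, valid_rcpts):
        self.valid = {a.lower() for a in valid_rcpts}
        self.helo = self.mail = None
        self.replay = []          # commands to replay to the backend on handoff
        self.handed_off = False
        self.rejected = 0

    def feed(self, line):
        """Return the shim's reply, or None when the line belongs to the backend."""
        if self.handed_off:
            return None           # caller now relays bytes in both directions
        line = line.rstrip("\r\n")
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            self.helo, self.mail = line, None   # a new greeting resets the envelope
            return "250 shim.example"
        if verb == "QUIT":
            return "221 bye"
        if verb == "RSET":
            self.mail = None
            return "250 ok"
        m = _ADDR.match(line)
        if m and verb == "MAIL" and self.helo:
            self.mail = line      # "MAIL FROM:<>" (bounce sender) is accepted too
            return "250 ok"
        if m and verb == "RCPT" and self.mail:
            if m.group(2).lower() not in self.valid:
                self.rejected += 1
                return "550 no such user"       # the backend never sees this
            self.replay = [self.helo, self.mail, line]
            self.handed_off = True              # first valid recipient: connect now
            return None
        return "503 bad sequence or unsupported command"
```

When `feed` returns `None` for the first time, the caller opens the backend connection, sends the lines in `replay`, and returns the backend's reply to the client before switching to plain relaying.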
They weren't 'handling' it - sorry if I typed something confusing. They
were merely noticing the volume of traffic heading to our SMTP servers
from their infrastructure.
Our ISP at that time was a small, local outfit and we knew all the tech
support folks personally. I guess they saw this traffic while trying to
analyse why there was so much 'noise' in the data THEY processed locally.
Your described hack sounds like something my 'network admin' did for
us. Made some very light-weight decisions to try and drop as much as
possible. He was (is) a Perl GURU, now working for the ISP mentioned.
Alas, we are no longer with them as we are beyond DSL distance (due to
more off-topic noise about our local phone company.)
Our volume is much lighter these days but I'm always trying to improve
stuff (still way too much spam) so, thanks. I will probably grab a copy
of what you did and see if it can be of use to us. *THANKS*
Now back to regular on topic stuff.
-- -Gary