Re: [cobalt-users] Getting Mail Bombed!

[Elmer Fuddpucker <elmer@xxxxxxxxxxxxxx>]

On Sun, 22 Jul 2001, Carrie Bartkowiak wrote:

} it doesn't receive mail? That way the messages would bounce - but
} hell, you'd have to leave it off for 4 days before the mailing server
} would give up attempting. Ne'er mind.

Not true. If the site is being mail bombed setting sendmail to
reject the messages with, as example, a "no such user" rule
would result in each attempt to mail it generating an error
message which would then be sent back to the originator of the
attack. If you are getting hit hard this can quickly eat of great
amounts of bandwidth, which you may very well have to pay for, so it
might not be a good idea in your case but you could do this by
adding an applicable rule to your server's sendmail access file"

DomainName.ext	ERROR:"550 Mail Disabled For This Host"

	About a year ago or so we had a similar problem originating
from a huge consulting firm. Their "engineer's, of course, would not
investigate as I was a nobody. Neither would their upstream.
Desperate, I blocked them with a similar sendmail rule ("Take
Your Spam and Shove It") then sat here and watched as error message
after error message was sent their way. It took about 3 or 4 hours
but eventually their engineers called us... It turned out that all
the error messages not only choked their email server, but they
caused some problems for their upstream too, who happened to be
acting as a 'smart relay'. Worse yet, perhaps, I kept track of my
time and billed them some $900.00 for "Attack Management". They
didn't pay, of course, so I went to small claims court and won a
judgement against them. They haven't paid that either but it looks
good hanging on the wall...

	brent

	Elmer Fuddpucker's WWW Directory
	http://www.fuddpucker.com/