LinuxQuestions.org


Arcane Kidd 04-28-2003 03:23 PM

Mail Bomb(s)
 
Let me preface this with a big THANK YOU; Hopefully somebody here will be able to help me out--

How should I go about setting up a defense for mass mail bombs that are coming against me and mine? The associated email address and domain names are spoofed. The IP address might be as well and I don't have time right now to cross check their listings for a suspected location that would illustrate a not-so-shocking origin point...?? (it wouldn't surprise me to find out that somebody from a specific location would be trying to do this to me and mine)

Can somebody suggest a setup that will filter out these pains-in-my-a$$?

Many thanks!

markus1982 04-28-2003 03:28 PM

Which MTA are you using?
Are the domain names valid?
Does the sender address exist?

If you are using Postfix you should reject email from non-existent domains. And in that case you could do a sender address check for the domains that are commonly spoofed ... don't do a sender address verification for all domains though since this is a resource intensive task!
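
The Postfix setup markus1982 describes, as an added example that is not part of the original thread: unknown sender domains are rejected for all mail, while sender address verification runs only for domains listed in a lookup table. The file paths and the domains `example.com` and `example.net` are assumptions, stand-ins for whichever domains are being forged.

```conf
# ---- /etc/postfix/main.cf (path assumed; added example) ----

# 1. reject_unknown_sender_domain: refuse mail whose MAIL FROM domain has
#    no DNS A or MX record. One DNS lookup per message, so it is cheap
#    enough to apply to every sender.
# 2. check_sender_access: look the sender up in a table and apply the
#    action found there. Senders not in the table fall through untouched.
smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access

# ---- /etc/postfix/sender_access (path assumed; added example) ----

# Only the domains listed here trigger sender address verification.
# Each verification makes Postfix send an SMTP probe to the sender's
# mail server, which is the resource-intensive part, so the list is
# kept to the domains that actually show up forged in the flood.
# example.com and example.net are placeholders.
example.com     reject_unverified_sender
example.net     reject_unverified_sender

# After editing the table, rebuild the lookup file and reload Postfix:
#   postmap hash:/etc/postfix/sender_access
#   postfix reload
```

The two sections are separate files; the comment headers mark where each one starts.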

Mara 04-28-2003 03:31 PM

Plus look at the IP address. If it's not spoofed, use iptables/ipchains and block packets from the address. It should help.

Arcane Kidd 04-28-2003 04:11 PM

Q. MTA-- Microsoft Transfer Agent?
A. No Microsoft products in the line

Q. Are the Domain Names valid?
A. Yes. But they keep changing.

Q. Does the senders address exist?
A. Yes. But again, they continue to change.

markus1982 04-28-2003 04:30 PM

MTA = mail transport agent


I didn't expect a M$ product otherwise I wouldn't offer help :-p

webtoe 04-28-2003 04:59 PM

Your best bet is a combination of procmail, SpamAssassin and Vipul's Razor. They work a treat for me.

Alex

Arcane Kidd 04-29-2003 12:11 PM

Thanks. I will give that a shot.

(It's out-of-hand)

The IP addresses are being spoofed from almost everywhere, ranging from China, Korea, Brazil to California (to name a few).

Fun-stuff.

Thanks for the direction.


All times are GMT -5.