Got Email DDoS attack

Hi,

I recently noticed in my exim log that I am getting a lot of random emails sent to non-existing users at my domain.

These emails are just coming from random IPs and are sent to random non-existing users in my domain.

My exim setup only allows relay from localhost and rejects all other relaying. But I am now getting about 1-2 every 5 seconds, and my reject log is jammed with those reject messages.

Is there any way I can block those spoofed emails? I have already set up a script for iptables to block access from those random hosts.

What should I do next?

Thanks.

Kevin

3 Replies

Unfortunately, that's par for the course these days.

See, the spammers have realized that people are not posting their email addresses. So they've been guessing usernames at any domain they can find.

So if you can figure out how to block them, you've just fixed the spam problem.. :/

While I don't really know much about exim (I use sendmail), I'm pretty sure that you can set it up to use DNS-based IP blacklists. I make use of the SBL and XBL at Spamhaus, and they nip quite a lot of spam in the bud. The SBL covers known spam operations, and the XBL lists known "zombie" machines that send spam and email worms. I also have a local block list to which I add systems that send junk but haven't been listed in the Spamhaus lists.

Thanks for all the suggestions. And yes, my setup includes all the possible means of spam protection, using SBLs from various sources and rejecting relay from anywhere other than localhost.

I guess the question that I am still having is: are there any additional ways to prevent spammers from sending mail to random users on my domain? Although I am already rejecting all mail to unknown users on my host, I am trying to see if there are ways to add additional means of protection on top of what I already have: iptables blocking, rejecting open relay, rejecting unknown users, and the help of spamassassin.

When I am seeing on average 1-2 emails sent to my domain's non-existing users every couple of seconds or so, I am starting to worry about the server load and my bandwidth limit.

Thanks for all your help!

Regards,

Kevin
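As an added example (not code from anyone in this thread), a small Python script that reads exim rejectlog lines of the kind Kevin describes, counts "Unrouteable address" rejections per source IP, and prints iptables rules for repeat offenders so the blocking script does not have to be fed by hand. The log line layout, the sample lines and the threshold are constructed assumptions; match the regex against your own rejectlog before relying on it.

```python
import re
from collections import Counter

# Shape of an exim rejectlog line for a recipient-verification failure, as
# assumed here: "<date> <time> [H=host] [ip] F=<sender> rejected RCPT <rcpt>: <reason>".
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?:H=\S+ )?\[(?P<ip>[0-9a-fA-F.:]+)\] "
    r"F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]+)>: (?P<reason>.*)$"
)

# Constructed sample rejectlog excerpt; addresses are from documentation ranges.
SAMPLE_LOG = """\
2005-03-12 10:15:20 H=(pc12) [192.0.2.10] F=<a@example.org> rejected RCPT <bob@example.com>: Unrouteable address
2005-03-12 10:15:23 H=(pc12) [192.0.2.10] F=<b@example.org> rejected RCPT <carol@example.com>: Unrouteable address
2005-03-12 10:15:25 [198.51.100.7] F=<c@example.org> rejected RCPT <dave@example.com>: Unrouteable address
2005-03-12 10:15:27 H=(pc12) [192.0.2.10] F=<d@example.org> rejected RCPT <erin@example.com>: Unrouteable address
2005-03-12 10:15:30 H=(mx.example.net) [203.0.113.5] F=<e@example.org> rejected RCPT <kevin@example.com>: relay not permitted
"""


def unknown_recipient_hits(log_text):
    """Count rejections for non-existing recipients, keyed by sending IP.

    Relay rejections and unparseable lines are ignored on purpose: only the
    dictionary-attack pattern (guessed usernames) is of interest here.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m and m.group("reason").startswith("Unrouteable address"):
            counts[m.group("ip")] += 1
    return counts


def offenders(counts, threshold):
    """IPs with at least `threshold` unknown-recipient rejections, busiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


def iptables_rules(ips):
    """Render DROP rules for SMTP from the given IPs; returned, not executed."""
    return [f"iptables -A INPUT -p tcp --dport 25 -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    hits = unknown_recipient_hits(SAMPLE_LOG)
    for rule in iptables_rules(offenders(hits, threshold=2)):
        print(rule)
```

In real use, feed the script the rejectlog tail from cron and review the proposed rules before applying them, since a legitimate sender with one typo in the recipient address must not be blocked.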
