UPDATE: I received a telephone call from the CEO of Virtumundo named Scott who got caught in my voicemail, then another from their IP manager Bay who also got caught in voicemail. In any regard, I telephoned an IP Manager named Bay who explained that they do email advertising and they probably got a bad list from a new client. He also explained that he would enter our domain name and have them filtered from future mailings and also look into adding the IPs of our MX SMTP servers so that they'd not cause grief to our hosted clients in the future. The amount of traffic has already dropped to a trickle.
Issue resolved and is now considered closed.
E-mail server spam denial of services issue
We are presently experiencing an issue with usernames and passwords timing out. Upon investigation we learned that some spammer is trying to send hundreds of thousands of emails through our servers. This by itself isn't much of a problem as we run a pretty tight email server, however, when so many illegal requests are made then it can stop the legitimate requests from getting through.
We are watching the server closely today to monitor our ability to log on and get or send email.
We are also in the process of adding a third network backbone which will help us distribute the server workload for these types of events and expect that it'll be completed soon. The backbone is actually already in place but we need to configure the additional servers.
We've tracked down the company doing the spamming, but it appears they have a strong history. Some interesting information and links start at
http://thespamdiaries.blogspot.com/2007/08/virtumundo-wins-legal-fees-from-gordon.html
and http://www.rahul.net/falk/quickrefs.html#virtumundo
Go figure as soon as I left a comment via their contact page re: please cease... they started to hammer us even more :(
Visit Google for the many links about this company and their history:
http://www.google.com/search?q=virtumundo
Below is a clip of a couple of seconds from one of our logs to demonstrate the issue:
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:45 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
2008-11-20 09:26:46 H=(mx2.config.com) [96.11.61.120] F=<> rejected RCPT <
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
>: Unknown user
UPDATE:
I've been able to track down the IPs, owned by the domain vm-mail.com, and am working on finding a resolution:
2008-11-20 09:59:29 Connection from [206.82.179.163] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.203] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.226] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.165] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.227] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.170] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.15] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.68] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.214] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.239] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.2] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.241] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.43] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.250] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.248] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.122] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.79] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.88] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.94] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.41] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.53] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.45] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.114] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.96] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.111] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.121] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.175] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.15] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.68] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.79] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.47] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.41] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.182.96] refused: too many connections
2008-11-20 09:59:29 Connection from [206.82.179.223] refused: too many connections
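As an added example (not part of the original post or the host's own tooling): a small Python triage script for log lines in the two formats shown above. It counts unknown-user RCPT rejections per source IP per second and groups "too many connections" refusals by /24, because the refused connections above come from many different addresses in the same ranges and a per-IP count would understate them. The thresholds, function names and sample lines (documentation IP ranges) are assumptions made for the example.

```python
import re
from collections import Counter
from ipaddress import ip_network

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "<time> H=... [ip] F=<sender> rejected RCPT <rcpt>: Unknown user"
REJECT_RE = re.compile(
    r"^(\S+ \S+) H=.*?\[" + IPV4 + r"\] F=<[^>]*> rejected RCPT <[^>]*>: Unknown user$")
# "<time> Connection from [ip] refused: too many connections"
REFUSED_RE = re.compile(
    r"^(\S+ \S+) Connection from \[" + IPV4 + r"\] refused: too many connections$")

def build_sample():
    """Constructed sample log (not real traffic): one flooding host, one
    ordinary mistyped address, and refusals spread across one /24."""
    lines = [f"2008-11-20 09:26:45 H=(mx.example.net) [192.0.2.10] F=<> "
             f"rejected RCPT <user{i}@example.org>: Unknown user" for i in range(6)]
    lines.append("2008-11-20 09:26:45 H=(mail.example.com) [198.51.100.7] "
                 "F=<a@example.com> rejected RCPT <typo@example.org>: Unknown user")
    lines += [f"2008-11-20 09:59:29 Connection from [203.0.113.{h}] refused: "
              "too many connections" for h in (163, 203, 226, 165)]
    lines.append("2008-11-20 09:59:30 Connection from [198.51.100.7] refused: "
                 "too many connections")
    return "\n".join(lines)

def summarize(log_text):
    """Return (rejections per (second, ip), refused connections per /24)."""
    rcpt_per_sec, refused_per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            rcpt_per_sec[(m.group(1), m.group(2))] += 1
            continue
        m = REFUSED_RE.match(line)
        if m:
            net = ip_network(m.group(2) + "/24", strict=False)
            refused_per_net[str(net)] += 1
    return rcpt_per_sec, refused_per_net

def flag(log_text, rcpt_limit=5, refused_limit=3):
    """Hosts rejected >= rcpt_limit times in one second, and /24 networks
    with >= refused_limit refused connections (limits are assumptions)."""
    rcpt, refused = summarize(log_text)
    hosts = sorted({ip for (_, ip), n in rcpt.items() if n >= rcpt_limit})
    nets = sorted(net for net, n in refused.items() if n >= refused_limit)
    return hosts, nets

if __name__ == "__main__":
    print(flag(build_sample()))
```

The flagged hosts and networks are candidates for rate limiting or a temporary block at the firewall or in the mail server's access rules; a single mistyped recipient from a legitimate sender stays below the limits.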