|
|
|
| I've been getting the same problem as HostmasterX posted on June1.
In my situation the Domain Controller is smtp server and the badmail folder
was on the systems partion. The whole shebang came to a grinding halt a
couple of days ago.
With a little ferretting I found that my badmail folder was enormous. Right
click properties..... waited 2.5 hours until I cancelled at which stage it
was over a million files and several gigabytes. To big to delete with
windows. So I made a new folder Badmail2 and redirected. At DOS prompt
deleted Badmail\*.*, which I might add took 12 hours. I then moved the
Badmail folder to it own partion.
I am still being spammed at the rate of between 200 and 4000 an hour. The
badmails are all NDRs.
The original emails usually have no subject or content, although in one set
I appear to have been sent the entire LORD OF THE RINGS in 1K blocks. and the
addresses well arnoldschwezzernagger@........ etc. I've set the retry
interval to 1 - 2 - 3 minutes and time to live at 3 minutes just to get the
queue to a reasonable level and delete the badmail twice daily.
By the way the server is on the other side of a firewall router.
??? is there anything else I can do.
| |
| pblse2 2006-06-20, 1:15 am |
|
That doesnt seem like spam, it seems more like you were under somekind
of denial or service attack.
You could register a script to get rid of the NDR's, although that
breaks the RFC I'm not sure NDR's are that useful to begin with.
PL.
Shane wrote:
> I've been getting the same problem as HostmasterX posted on June1.
> In my situation the Domain Controller is smtp server and the badmail folder
> was on the systems partion. The whole shebang came to a grinding halt a
> couple of days ago.
> ......
>??? is there anything else I can do.
| |
| pblse2 2006-06-20, 1:36 am |
|
That doesnt seem like spam, it seems more like you were under somekind
of denial or service attack.
You could register a script to get rid of the NDR's, although that
breaks the RFC I'm not sure NDR's are that useful to begin with.
PL.
Shane wrote:
> I've been getting the same problem as HostmasterX posted on June1.
> In my situation the Domain Controller is smtp server and the badmail folder
> was on the systems partion. The whole shebang came to a grinding halt a
> couple of days ago.
> ......
>??? is there anything else I can do.
| |
|
| Thanks pblse2 for the thoughts. I have already scheduled a script to delete
the NDRs. I thought it was some kind of probe looking for valid email
addresses. Is there an acknowledgement when an email is successfully
delivered? I am managing it now but it is using the systems resources.
"pblse2" wrote:
>
> That doesnt seem like spam, it seems more like you were under somekind
> of denial or service attack.
>
> You could register a script to get rid of the NDR's, although that
> breaks the RFC I'm not sure NDR's are that useful to begin with.
>
> PL.
>
> Shane wrote:
>
>
| |
| pblse2 2006-06-20, 6:10 am |
|
Shane wrote:
> Thanks pblse2 for the thoughts. I have already scheduled a script to delete
> the NDRs. I thought it was some kind of probe looking for valid email
> addresses. Is there an acknowledgement when an email is successfully
> delivered? I am managing it now but it is using the systems resources.
I ment register into the smtp pipeline itself, either you check the
existance of the mailbox and deny delivery or you simply stop the ndr
on it's way out.
Do you use the built in pop3 service on the machine or is this server
forwarding to another server ? I have a script that checks for the
existance of mailboxes I can send to you but it only works if the
mailboxes are on the server itself.
It effectively just ignores emails sent to an account that doesnt
exist.
PL.
| |
|
| Thanks pblse2 for the thoughts. I have already scheduled a script to delete
the NDRs. I thought it was some kind of probe looking for valid email
addresses. Is there an acknowledgement when an email is successfully
delivered? I am managing it now but it is using the systems resources.
"pblse2" wrote:
>
> That doesnt seem like spam, it seems more like you were under somekind
> of denial or service attack.
>
> You could register a script to get rid of the NDR's, although that
> breaks the RFC I'm not sure NDR's are that useful to begin with.
>
> PL.
>
> Shane wrote:
>
>
| |
| pblse2 2006-06-20, 7:25 am |
|
Shane wrote:
> Thanks pblse2 for the thoughts. I have already scheduled a script to delete
> the NDRs. I thought it was some kind of probe looking for valid email
> addresses. Is there an acknowledgement when an email is successfully
> delivered? I am managing it now but it is using the systems resources.
I ment register into the smtp pipeline itself, either you check the
existance of the mailbox and deny delivery or you simply stop the ndr
on it's way out.
Do you use the built in pop3 service on the machine or is this server
forwarding to another server ? I have a script that checks for the
existance of mailboxes I can send to you but it only works if the
mailboxes are on the server itself.
It effectively just ignores emails sent to an account that doesnt
exist.
PL.
| |
| Shane 2006-06-20, 10:59 am |
| That would be excellent. The server in question has the pop3 accounts and
that is exactly what I been trying to do. If you could forward the script to
me I'd be really grateful. I've had 3236 NDRs in the last 4 hours.
>
> Do you use the built in pop3 service on the machine or is this server
> forwarding to another server ? I have a script that checks for the
> existance of mailboxes I can send to you but it only works if the
> mailboxes are on the server itself.
>
> It effectively just ignores emails sent to an account that doesnt
> exist.
>
> PL.
>
>
| |
| pblse2 2006-06-20, 12:14 pm |
|
Shane wrote:
> That would be excellent. The server in question has the pop3 accounts and
> that is exactly what I been trying to do. If you could forward the script to
> me I'd be really grateful. I've had 3236 NDRs in the last 4 hours.
I put it up on my website:
http://www.lundin.info/files/filterrecipients.zip
Make sure you read the readme.txt
PL.
| |
|
| That would be excellent. The server in question has the pop3 accounts and
that is exactly what I been trying to do. If you could forward the script to
me I'd be really grateful. I've had 3236 NDRs in the last 4 hours.
>
> Do you use the built in pop3 service on the machine or is this server
> forwarding to another server ? I have a script that checks for the
> existance of mailboxes I can send to you but it only works if the
> mailboxes are on the server itself.
>
> It effectively just ignores emails sent to an account that doesnt
> exist.
>
> PL.
>
>
| |
| pblse2 2006-06-20, 1:23 pm |
|
Shane wrote:
> That would be excellent. The server in question has the pop3 accounts and
> that is exactly what I been trying to do. If you could forward the script to
> me I'd be really grateful. I've had 3236 NDRs in the last 4 hours.
I put it up on my website:
http://www.lundin.info/files/filterrecipients.zip
Make sure you read the readme.txt
PL.
| |
|
| Up and running. Excellent results. Impressed by your code easy to read.
I had a thought that it could easily be modified to a filter spam, check the
subject, and or if message size = 0
"pblse2" wrote:
> I put it up on my website:
> http://www.lundin.info/files/filterrecipients.zip
>
> Make sure you read the readme.txt
>
> PL.
>
>
| |
|
| Up and running. Excellent results. Impressed by your code easy to read.
I had a thought that it could easily be modified to a filter spam, check the
subject, and or if message size = 0
"pblse2" wrote:
> I put it up on my website:
> http://www.lundin.info/files/filterrecipients.zip
>
> Make sure you read the readme.txt
>
> PL.
>
>
| |
|
| > Up and running. Excellent results. Impressed by your code easy to read.
Great, thanks 
> I had a thought that it could easily be modified to a filter spam, check
> the
> subject, and or if message size = 0
Yes, it could be used to filter spam, you could for example parse the Body
property of the message for keywords but I'm not sure how efficent it would
be.
PL.
| |
|
| > Up and running. Excellent results. Impressed by your code easy to read.
Great, thanks
> I had a thought that it could easily be modified to a filter spam, check
> the
> subject, and or if message size = 0
Yes, it could be used to filter spam, you could for example parse the Body
property of the message for keywords but I'm not sure how efficent it would
be.
PL.
|
|
|
|