
iis smtp nntp : SMTP and Spam


Shane
6/19/2006 5:14:01 PM
I've been getting the same problem as HostmasterX posted on June 1.
In my situation the Domain Controller is the SMTP server and the badmail folder
was on the system partition. The whole shebang came to a grinding halt a
couple of days ago.
With a little ferreting I found that my badmail folder was enormous. Right
click properties..... waited 2.5 hours until I cancelled, at which stage it
was over a million files and several gigabytes. Too big to delete with
Windows. So I made a new folder Badmail2 and redirected. At the DOS prompt I
deleted Badmail\*.*, which I might add took 12 hours. I then moved the
Badmail folder to its own partition.
I am still being spammed at the rate of between 200 and 4000 an hour. The
badmails are all NDRs.
The original emails usually have no subject or content, although in one set
I appear to have been sent the entire LORD OF THE RINGS in 1K blocks, and the
addresses, well, arnoldschwezzernagger@........ etc. I've set the retry
interval to 1 - 2 - 3 minutes and time to live at 3 minutes just to get the
queue to a reasonable level, and I delete the badmail twice daily.
By the way, the server is on the other side of a firewall router.
pblse2
6/19/2006 11:15:47 PM

That doesn't seem like spam, it seems more like you were under some kind
of denial of service attack.

You could register a script to get rid of the NDRs; although that
breaks the RFC, I'm not sure NDRs are that useful to begin with.

PL.

Shane
6/20/2006 1:41:02 AM
Thanks pblse2 for the thoughts. I have already scheduled a script to delete
the NDRs. I thought it was some kind of probe looking for valid email
addresses. Is there an acknowledgement when an email is successfully
delivered? I am managing it now but it is using the system's resources.

pblse2
6/20/2006 4:10:41 AM


I meant register into the SMTP pipeline itself; either you check the
existence of the mailbox and deny delivery or you simply stop the NDR
on its way out.

Do you use the built-in POP3 service on the machine or is this server
forwarding to another server? I have a script that checks for the
existence of mailboxes that I can send to you, but it only works if the
mailboxes are on the server itself.

It effectively just ignores emails sent to an account that doesn't
exist.

PL.
Shane
6/20/2006 8:59:02 AM
That would be excellent. The server in question has the POP3 accounts and
that is exactly what I've been trying to do. If you could forward the script to
me I'd be really grateful. I've had 3236 NDRs in the last 4 hours.

pblse2
6/20/2006 10:14:26 AM



I put it up on my website:
http://www.lundin.info/files/filterrecipients.zip

Make sure you read the readme.txt

PL.
Shane
6/21/2006 1:59:01 AM
Up and running. Excellent results. Impressed by your code, easy to read.
I had a thought that it could easily be modified to filter spam, check the
subject, and/or if message size = 0.

pblse
6/22/2006 9:05:39 PM

Great, thanks :)


Yes, it could be used to filter spam; you could, for example, parse the Body
property of the message for keywords, but I'm not sure how efficient it would
be.

PL.
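
A scheduled cleanup for the oversized Badmail folder described in this thread, as an added example that is not part of any post and is not the filterrecipients script linked above. It streams the directory instead of listing it, deletes files past an age limit, and reports arrivals per hour; the function name, the suffix list (an assumption about what the folder holds) and the age limit are illustrative.

```python
import os
import time

# Assumption: suffixes of the files found in the Badmail folder; adjust to match.
BADMAIL_SUFFIXES = (".bad", ".bdp", ".bdr")

def purge_badmail(folder, max_age_seconds, now=None, dry_run=False,
                  suffixes=BADMAIL_SUFFIXES):
    """Delete badmail files older than max_age_seconds.

    Returns (deleted, kept, per_hour). per_hour maps "YYYY-MM-DD HH:00" to the
    number of badmail files written in that hour, which shows the NDR rate.
    With dry_run=True nothing is removed and `deleted` counts what would be.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_seconds
    deleted = kept = 0
    per_hour = {}
    # os.scandir yields entries lazily, so a folder holding a million files
    # is never loaded into memory or sorted the way a GUI listing is.
    with os.scandir(folder) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if not entry.name.lower().endswith(suffixes):
                continue  # leave anything that is not a badmail file alone
            try:
                mtime = entry.stat(follow_symlinks=False).st_mtime
            except FileNotFoundError:
                continue  # already removed by another job
            hour = time.strftime("%Y-%m-%d %H:00", time.localtime(mtime))
            per_hour[hour] = per_hour.get(hour, 0) + 1
            if mtime >= cutoff:
                kept += 1
                continue
            if not dry_run:
                try:
                    os.unlink(entry.path)
                except (FileNotFoundError, PermissionError):
                    kept += 1  # in use or gone; retry on the next run
                    continue
            deleted += 1
    return deleted, kept, per_hour
```

Run it first with `dry_run=True` against the real folder path to see the hourly counts before anything is deleted.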
