An insidious spam botnet attacks Charly

BOT POSSE

Article from Issue 69/2006
Author(s):

While going about his normal duties, Linux Magazine author Charly Kühnast was hit with a mean attack. Charly’s separate anti-spam server, which sits in front of his mail server, saved him from the mail storm.

A sunny Tuesday in July. I’m just typing my Sysadmin column for Linux Magazine. It’s 2.00 pm by the time I take a glance at the monitor that gives me the latest load and traffic data for the critical servers I manage. Lo and behold, the reject line in the spam filter graph has just skyrocketed (see Figure 1). The article will have to wait. The server is rejecting large quantities of mail at an early stage of the SMTP dialog. I suspect a wave of spam with clumsily spoofed envelopes. That’s nothing new: for each legitimate email I receive, I get at least two spam mails. But I still decide to open an SSH connection to the spam filter, which is running on a separate machine, and I can’t believe my eyes when I discover 140 parallel SMTP connections. That’s ten times the normal level. And it’s unusual for the server just to drop the connections like that.
