On Mon, Nov 27, 2006 at 05:58:03PM +0100, Rene Luria wrote:
> The amount of such emails (which we almost all reject, user unknown, etc. because of the fake email addresses) is enormous compared to normal traffic (like 10 times what we have in general).
> Do any of you experience the same problem?
Yes, one of our client's domains got similarly pounded last week and back in October.
The problem was made worse by the fact that we had left the response code for a reject due to unknown recipient as 4xx, so naturally one of these emails resulted in many connection attempts if they came from a real mail server (as opposed to a zombie). At one point we were up to 500 connections per minute. The solution (in our case) was to set the response code to 5xx and accept the risk that mail will be rejected if the backend LDAP containing the mailbox names goes offline.
Things are much calmer now but the vast majority of the SMTP connection attempts are still for bogus usernames in this one domain.
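
Added example, not part of the original message: a small Python model of why a 4xx reply to unknown recipients multiplies connections from retrying mail servers while a 5xx reply does not. The function names, the retry schedule, the 20/80 sender mix and the separate "directory unavailable" branch (a check that can tell an outage from a missing mailbox) are all assumptions made for illustration.

```python
from enum import Enum

class Lookup(Enum):
    FOUND = 1
    NOT_FOUND = 2
    UNAVAILABLE = 3      # directory backend (e.g. LDAP) unreachable

def rcpt_reply(lookup, unknown_code=550):
    """Reply code for RCPT TO, given the mailbox lookup result."""
    if lookup is Lookup.FOUND:
        return 250
    if lookup is Lookup.NOT_FOUND:
        return unknown_code          # 450: old setting, 550: the fix
    return 451                       # outage: defer rather than bounce valid mail

def attempts_per_message(code, sender_retries,
                         first=15, cap=240, lifetime=7200):
    """Connections one message causes. Times are minutes; the backoff
    schedule (15 min doubling to 4 h, 5-day queue life) is assumed."""
    if code // 100 != 4 or not sender_retries:
        return 1                     # accepted, rejected for good, or zombie
    t, delay, n = 0, first, 1
    while t + delay <= lifetime:
        t += delay
        n += 1
        delay = min(delay * 2, cap)
    return n

# Constructed sample: 100 messages to bogus mailboxes,
# 20 relayed by real mail servers, 80 sent by zombies that never retry.
SAMPLE = [True] * 20 + [False] * 80

def total_connections(unknown_code, senders=SAMPLE):
    code = rcpt_reply(Lookup.NOT_FOUND, unknown_code)
    return sum(attempts_per_message(code, s) for s in senders)

if __name__ == "__main__":
    for code in (450, 550):
        print(code, total_connections(code))
```

Under these assumed numbers the 20 retrying servers alone account for most of the load when the reply is 450, which is the amplification the message describes.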