Denial of Service via UCE
Hi, this is not particularly a Debian-related question, but this is the
most knowledgeable list that I track, and I hope someone here might have a
"miracle answer" that we can't think of.
I take care of an email system for a high school in the Kingdom of Tonga.
They're on a 32K link. Recently, some unknown purveyor of evil (Spam
Company) has decided to start sending large amounts of spam about various
penny stocks. The distribution is huge because I've gotten some of these
and I don't get that much spam.
Unfortunately, they decided to set their MAIL FROM to be an account that
doesn't and never has existed at the school. This has caused mail servers
from all over the world to send back failure notices to this account,
effectively shutting down internet access at the school.
The school asked me what they could do about it, and my answer for them is
"pretty much nothing". The only reasonable thing we could think of would
be to get a relay at an external site that could filter this stuff out
before it forwarded it to the school.
On the technical front, I've modified Postfix to deny the messages at the
MAIL FROM: point with an smtpd_recipient_restriction, and that's reduced
the traffic enough that they can use the net and the school's real email
can get through, but I and my business partner here can't think of
anything else to do.
On the social front, I've sent some threatening emails to the companies
that are advertised, but because they're penny stocks, I think the
companies might not be involved at all; someone is just buying these guys
at .03 apiece and hoping the spam will bring them up to .05.
Anyone have any other ideas? It's not like I can ban most of the mail
servers on the internet (a large portion of the traffic is coming from
msn, hotmail, et al).
Thanks for any advice.
ph-27946 or 878-1332
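
One way to check from the Postfix log how much of the rejected traffic is bounce mail aimed at the forged address, and which sites are sending it. This is an added example, not part of the original post; the log lines, the address `ghost@school.example` and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix's smtpd reject-log format (not from the post).
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 550 5.1.1 <ghost@school.example>: Recipient address rejected: User unknown; from=<> to=<ghost@school.example> proto=ESMTP helo=<mx1.example.net>
Mar  3 10:15:04 mail postfix/smtpd[1235]: NOQUEUE: reject: RCPT from mx2.example.net[192.0.2.11]: 550 5.1.1 <ghost@school.example>: Recipient address rejected: User unknown; from=<> to=<ghost@school.example> proto=ESMTP helo=<mx2.example.net>
Mar  3 10:15:09 mail postfix/smtpd[1236]: NOQUEUE: reject: RCPT from out3.mail.example.com[203.0.113.5]: 550 5.1.1 <ghost@school.example>: Recipient address rejected: User unknown; from=<postmaster@mail.example.com> to=<ghost@school.example> proto=SMTP helo=<out3.mail.example.com>
Mar  3 10:15:12 mail postfix/smtpd[1237]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <someone@other.example>: Relay access denied; from=<x@example.org> to=<someone@other.example> proto=SMTP helo=<foo>
Mar  3 10:15:13 mail postfix/smtpd[1237]: disconnect from unknown[198.51.100.7]
"""

# Matches one smtpd reject line logged at the RCPT TO stage.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*?; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def base_domain(host):
    """Naive grouping key: last two DNS labels (ignores public-suffix rules)."""
    return ".".join(host.lower().split(".")[-2:])

def summarize_backscatter(log_text, forged_address):
    """Count rejects addressed to the forged sender address, grouped by sending site."""
    by_domain = Counter()
    null_sender = 0   # from=<> marks a standard bounce (DSN)
    other = 0         # rejects that have nothing to do with the forged address
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        if m["rcpt"].lower() != forged_address.lower():
            other += 1
            continue
        by_domain[base_domain(m["host"])] += 1
        if m["sender"] == "":
            null_sender += 1
    return {
        "total": sum(by_domain.values()),
        "null_sender": null_sender,
        "other_rejects": other,
        "by_domain": by_domain.most_common(),
    }

if __name__ == "__main__":
    print(summarize_backscatter(SAMPLE_LOG, "ghost@school.example"))
```

Run against the real mail log, a high `total` with few `other_rejects` shows the rejections are landing at RCPT TO, before any message body crosses the link.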