Fighting off spammers...
Spent most of the day a couple of days ago dealing with a reverse-NDR attack on one of our sites. It wasn't fun. As it turns out there doesn't seem to be a great way of dealing with this sort of thing apart from a couple of proprietary systems that "watermark" outgoing messages so that all inbound NDRs can be sanitised straight away.
Apart from that there was some analysis to establish sources, eliminate possible configuration errors (yes, it's possible :-)), open relays, compromised passwords, a lot of looking at queues and cleansing them to get rid of the dirty NDRs.
At one point we had about 3 NDRs per second being generated to just one server run by a US-based anti-spam provider. That was only one of the dozens of queues building up on this server. The most visible effect of this entire issue was that the email server was consuming all available bandwidth - which is when the phone starts ringing here! 