OT: Email BOMB!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Steve Lamb pmmail@dmiyu.org
Tue, 5 Dec 2000 09:58:14 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tuesday, December 05, 2000, 8:49:31 AM, Bill wrote:
> Through Spamcop I traced this to uu.net. I talked to uu.net security
> several times. The first time they said that they notified their
> reseller to take care of it.

    "Their reseller"?  Don't you mean their customer to whom they resell
service?

> The second time they checked the IP that I had and said that they were not
> connected at that time and there was nothing more than they could do.

    Which is true.

> When I talked to them the 3rd time they said that the problem was taken care
> of, but that the messages were "in the system" and they could do no more.

    Esp. if they weren't being directed through uu.net's mail servers.  That
would be the domain of the mail servers the person sent the mail through.

> First, how does this happen? Is there any place in the system that this could
> happen other than the original spammer? I.e., is there any way that he could
> have only sent one message and it got duplicated?

    Yes.  If someone had a mail loop somewhere.  The classic mail loop is when
someone decides to set up a vacation notification (completely stupid thing to
do, BTW, screams "ROB ME!") which replies to a mailing list that they are on.
They get a message, they send vacation notice to the list, the list propagates
the message to them, repeat.

> The next part: is there any way to control the messages after they get
> into the system (other than a block at my ISP)?

    Call your ISP, tell them there is a denial of service going on against you
through mail.  In most cases they /should/ block that mail server with a
non-transient error so all the messages bounce with the least amount of
traffic.

    When it comes to a mail DOS like that you must remember your ISP's mail
servers are also getting hammered.  Informing them of the situation brings
them into the loop and they generally have the knowledge and expertise to
track down the proper people to contact, can contact them, hold a lot more
weight since they are from a fellow ISP, know the lingo and know how to get
stuff done.

    At my previous job I had to handle several DOS and bulk spam runs.  It is
amazing how fast things get shut down on the other end when you call up their
NOC and inform them they now have a block at your router until they clear it
up.  ;)

> Each time has happened over a weekend and it is hard to get ahold of
> people that can do anything more than answer the phone.

    Again, call your ISP, let them handle it.  Every ISP worth their salt has
an admin on duty 24/7, even the regional mom & pops.  I've worked at the
regionals and am now a cog in a large national.  I was one of those admins at
the regional and here we have a full admin staff for such problems on 24/7 (3
people minimum I think) with the rest of the regular admin staff on call 24/7.
If the person you contact can't do anything, demand to talk to someone who can
because there is someone who can either on site or on call.

- --
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
         ICQ: 5107343          | main connection to the switchboard of souls.
- -------------------------------+---------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i

iQA/AwUBOi0stnpf7K2LbpnFEQKcjACgwy9UKhO/emdvljXGoZEGgpAaipMAmwZS
NtKCe17tdlBAYKTOVfw2Z+P+
=aXvO
-----END PGP SIGNATURE-----
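
The vacation-notice mail loop described in the message above can be prevented on the autoresponder side. The following is an added example, not part of the original post: a Python sketch of the checks a responder can make before replying, loosely following RFC 3834. The function name, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Headers that mark mailing-list traffic; a vacation responder should stay silent.
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post")
BULK_PRECEDENCE = {"bulk", "list", "junk"}

def should_autoreply(raw, my_addr, replied_to):
    """Return (decision, reason) for one inbound message.

    replied_to is a set of senders already notified, so each
    correspondent gets at most one notice and a loop cannot build up.
    """
    msg = message_from_string(raw)
    # Never answer another robot (including our own auto-replies coming back).
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "auto-submitted"
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return False, "bulk precedence"
    if any(h in msg for h in LIST_HEADERS):
        return False, "list mail"
    # Only answer mail addressed to us personally, not to a list address.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_addr.lower() not in {addr.lower() for _, addr in rcpts}:
        return False, "not addressed to me"
    # Reply to the envelope sender; an empty one ("<>") marks a bounce.
    sender = parseaddr(msg.get("Return-Path") or msg.get("From", ""))[1].lower()
    if not sender or sender.startswith(("mailer-daemon@", "owner-")):
        return False, "null or list-owner sender"
    if sender in replied_to:
        return False, "already notified"
    replied_to.add(sender)
    return True, "ok"

# Constructed sample messages (not taken from the thread).
ME = "me@example.org"
LIST_MSG = ("From: bob@example.net\nTo: users@lists.example.org\n"
            "List-Id: <users.lists.example.org>\nSubject: hi\n\nbody\n")
PERSONAL = ("Return-Path: <alice@example.net>\nFrom: alice@example.net\n"
            "To: me@example.org\nSubject: lunch?\n\nbody\n")
AUTO = ("From: carol@example.net\nTo: me@example.org\n"
        "Auto-Submitted: auto-replied\nSubject: Out of office\n\nbody\n")
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@example.net\n"
          "To: me@example.org\nSubject: Undeliverable\n\nbody\n")
```

The responder's own outgoing notice should carry `Auto-Submitted: auto-replied` so that other well-behaved responders ignore it in turn.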