left the window open, spammers attacked!

If you sent me an email anytime between Saturday night and Monday afternoon and didn’t get a response, please send it again.

Ack. Running your own mail server is not without its challenges.

Back when I ran Exchange from home, I had created a separate SMTP connector to send mail to certain domains via my ISP's SMTP servers instead of sending direct, because some bigger servers (AOL, etc.) had blacklisted all mail coming from my IP range. Except I mistakenly left the “allow mail to be routed to these domains” on.

Although this setting had been there for months, it had not yet been “discovered”. Well, sometime Saturday, they came with a vengeance. Mail finally stopped completely when the drives filled to capacity. It actually took quite a few hours of working before I figured out what had happened. The SMTP queues were full of hundreds of thousands of messages, mostly to and from German/middle European domains. I started deleting these by hand, but after four hours, I had barely made a dent. Fortunately I found aqadmcli.exe, a command-line tool from MS that allowed me to delete the queues en masse. I calculated afterwards that this saved me 40,000 clicks of the mouse. The downside was that I was unable to filter out the good mail from the bad, and for the first time in six years of running my own mail I lost messages.

Of course, now I’ve done all the tightening and securing that needed to be done. I’ve even implemented an SMTP tarpit, a feature included in Windows Server 2003 SP1, which will hold onto connections from outside servers attempting to relay mail through me and prevent them from releasing right away, which should slow them down.
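A quick self-check for the relay mistake described above, added here as an example and not part of the original post: it asks a mail server you administer, without authenticating, to accept mail from one outside domain to another, and stops before any message is sent. The addresses are constructed placeholders, and the `smtp_factory` parameter is a hypothetical hook that exists only so the check can be exercised without a network.

```python
import smtplib
import sys

# Constructed placeholder addresses: neither domain is hosted by the server under test.
OUTSIDE_SENDER = "relay-test@example.org"
OUTSIDE_RCPT = "relay-test@example.net"


def classify(code):
    """Map the server's RCPT TO reply code to a relay verdict."""
    if 200 <= code < 300:
        return "OPEN"        # accepted a recipient it has no business relaying for
    if 400 <= code < 500:
        return "DEFERRED"    # temporary failure; inconclusive, retest later
    return "REFUSED"         # 5xx: relay denied


def check_relay(host, port=25, smtp_factory=smtplib.SMTP, timeout=60):
    """Offer host an outside-to-outside recipient and report how it answers.

    Run it from a network the server does not trust. The session ends after
    RCPT TO (no DATA), so nothing is queued. The generous timeout allows for
    a tarpit that holds the connection before replying.
    """
    conn = smtp_factory(host, port, timeout=timeout)
    try:
        conn.ehlo()
        code, _ = conn.mail(OUTSIDE_SENDER)
        if code >= 400:
            return "REFUSED"  # sender rejected before a recipient was offered
        code, _ = conn.rcpt(OUTSIDE_RCPT)
        conn.rset()           # abandon the transaction
        return classify(code)
    finally:
        try:
            conn.quit()
        except smtplib.SMTPException:
            pass              # server already dropped the connection


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_relay.py <your-mail-server>")
    print(check_relay(sys.argv[1]))
```

A result of `OPEN` means the server would have accepted the kind of traffic that filled the queues here; rerun the check after every connector or relay-restriction change.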
