Problem solve Get help with specific problems with your technologies, process and projects.

Identify and block incoming e-mails

I currently run several RedHat servers with Postfix email and Sophos Anti-Virus protection. The problem is I've noticed that some of the servers are constantly bombarded with hundreds of emails coming in (of course they are being either denied or deferred and dropped). Is there a way to:

1) Identify where the e-mails are coming from (since none are showing up in the users mailbox)

2) Stop the bombardment, as it is a denial of service.
This is quite timely as many have struggled in the past few weeks with SoBig. First, as to identifying where the emails are coming from there are methods to attempt to do so, but they don't always work. For example I was contacted recently as to why I was "propagating" the SoBig virus in emails from a personal email account. I wasn't, but someone who was infected had me in their address book, and the virus selected me as the from address to use in spoofing. So many messages went out, looking as if they came from me when in fact they didn't. Some email administrators I talked to say in the first day or so of SoBig they were swamped with messages indicating they had sent an infected file because of this type of spoofing.

If you are determined to identify the source of each of these emails, this previously answered question gives some indications of where to go. As to stopping the bombardment, I agree it is a denial of service. It is simply an unfortunate artifact of mail as we know it, and there is not easy way to stop it from arriving at your gate (or gateway). The good thing is that you have been able to stop it from entering once it is on your doorstep.

This was last published in September 2003

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.