[Dshield] Problems with email

Deb Hale haled at pionet.net
Fri Oct 3 21:27:22 GMT 2003

If the past two or three years' worth of email is suddenly being resent, or
otherwise reappearing, this sounds like something entirely internal to these
two ISPs.

This is only happening on one of the ISPs. I am asking them to explain to
me how this is happening and why copies of email in and out are being held.
They can't (or won't) explain it to me. (As usual).   :(

Anyway, the other one is just getting overloaded with emails that appear to
be the same group of emails (from yesterday) being sent over and over again.
They thought they had it cleaned up last night and it started happening
again this morning. This one runs on a UNIX box. They are totally puzzled
and ready to shut the whole thing down until they can get it to stop. 

They had a user click on the "Microsoft Update" attachment on Monday. Then
most of their customers started getting the same email from that user as
well as others. It started building up steam on Tuesday and Wednesday and
the average number received per day was 20 to 25. Then yesterday all H...
broke loose and it is still loose. It is like they are overwhelmed with
spam????? But it is the same group of emails being sent over and over again.
(I know it doesn't make sense).

I can tell you this ISP is one of the best in the area. They are extremely
security conscientious and apply patches to the OSes as soon as they know
about them and have had an opportunity to ensure no negative impact (unlike
the other ISP noted above who only patches after they get hit). While they
are evaluating they are monitoring closely. They have closed down all of the
open relays and the amount of spam dropped from several hundred a week to 3
or 4 a week.  These guys have been in the business a long, long time so I
have a lot of confidence and respect for their knowledge and ability. They
have been very proactive rather than reactive.

I am beginning to feel for them; they are about at their wits' end.

Any thoughts?
