Help with email flood attacks


#1

Umm, I sure do hope someone reads this. I have had my email techtroid@techtroid.com for about a month now. Last week I checked my email to realise I was hit by a major flood [1205 emails] from the same address, obviously. I didn't read 'em all, just went to the web-interface email, and used show all / toggle all to delete everything. Now this has happened today again. I caught the thing in the process: new emails came in as I deleted them by hundreds. The sender was marked as president@whitehouse.gov. It doesn't bother me to an extreme, but I would like to know:

  1. Has anyone here had similar problems?
  2. Is there a flood feature on the server I could turn on?

Thanks in advance for your help, techtroid

#2

Procmail (a mail processing language) is very useful for stuff like this. It’s a bit difficult to learn, but there’s a lot of information online about it.

Unfortunately, my kbase docs on it are currently a bit out of date, at least as far as dh-specific stuff. I’m going to be fixing that Real Soon (my much-needed and too-short vacation is over tomorrow, so I’ll get cracking soon).

Other than that, reporting the mail to the actual origin of the message is a good idea; using spamcop might be helpful in determining it, but I wouldn’t use spamcop to report it, as it may not actually be “spam”, and you might accidentally send a complaint to somewhere unrelated.

If you send in the header section of the message to support, they could help you out with figuring out the origin as well.

Are you sure it’s a flood attack and not a virus of some sort? Is there a binary attachment that comes with the email? Is the ‘From:’ header always the same? What about the Return-Path: header?
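The header questions in the reply above can be answered across a whole batch of messages at once. The script below is an added example, not part of the original post: it tallies From:, Return-Path:, the connecting IP from the topmost Received: line, and attachments. The sample messages, the host name mx.example.org, the IPs and the attachment name are constructed, and it assumes the messages were saved with full headers as the receiving server delivered them.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread). The IPs come from
# the RFC 5737 documentation ranges and mx.example.org stands in for the
# receiving server.
TEMPLATE = (
    "Received: from {helo} ([{ip}]) by mx.example.org; "
    "Mon, 1 Jan 2001 00:00:00 +0000\n"
    "Return-Path: <{rp}>\n"
    "From: president@whitehouse.gov\n"
    "{extra}\nbody\n"
)
ATTACH = ("Content-Type: application/octet-stream\n"
          'Content-Disposition: attachment; filename="doc.pif"\n')
SAMPLES = [
    TEMPLATE.format(helo="pc1", ip="192.0.2.10", rp="a@example.net", extra=""),
    TEMPLATE.format(helo="pc1", ip="192.0.2.10", rp="a@example.net", extra=""),
    TEMPLATE.format(helo="pc2", ip="198.51.100.7", rp="b@example.com", extra=ATTACH),
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(msg):
    """IP in the topmost Received: line, the one our own server wrote.
    Unlike From: and Return-Path:, the sender cannot choose this value."""
    received = msg.get_all("Received") or []
    match = IP_IN_BRACKETS.search(received[0]) if received else None
    return match.group(1) if match else "unknown"

def summarize(raw_messages):
    """Tally the headers asked about in the reply, one count per message."""
    tally = {"from": Counter(), "return_path": Counter(),
             "relay": Counter(), "with_attachment": 0}
    for raw in raw_messages:
        msg = message_from_string(raw)
        tally["from"][parseaddr(msg.get("From", ""))[1].lower()] += 1
        tally["return_path"][parseaddr(msg.get("Return-Path", ""))[1].lower()] += 1
        tally["relay"][relay_ip(msg)] += 1
        if any(part.get_filename() for part in msg.walk()):
            tally["with_attachment"] += 1
    return tally

if __name__ == "__main__":
    for name, value in summarize(SAMPLES).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

One From: address spread over several relay IPs and Return-Path values, some with attachments, fits the virus explanation; a single relay IP for every message fits one sending host, and that IP is the detail to include when sending headers to support.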


#3

1200 sounds extreme, but this kind of thing definitely can happen with viruses, so I’d check that avenue out too–I got bombarded by one infected computer for days a few months ago.