I had three hours sleep last night! But it was worth it.

Let me explain. Are we sitting comfortably? Then I will begin.....


I logged into my server control panel a couple of months ago and noticed that the SMTP component (which relays emails to and from email clients) was registering above 200,000 messages transferred. A bit odd, I thought, but I assumed that it must just be the way the SMTP component works, so I didn't think anything of it at the time. Anyway, you'll remember from my last post about spam that one of my clients called up to tell me that they were sending out emails, but the recipients could not pick up the emails. I decided to take a look at the mail spooling area (which puts all emails in a queue for sending out) and I noticed a shocking 75,000 items! I was a bit pissed off to say the least, but I cleared out the mail spool, and normal email service resumed.....for a while.


A couple of weeks passed, and again the email-sending problem re-appeared. Now, at this point I started to become concerned. Something was happening here, and I needed to find out what it was. I cleared out the mail spool folder again (this time it contained 87,500 emails!!!) and tried to send some test emails. They still weren't getting through. I'd left the mail spool folder open on the desktop and in the ten or fifteen minutes of my email testing, the spool folder had collected another 15,000 emails! What the f-? I opened one of them up and then the problem became blindingly obvious. Some scumbag arsehole in the US of A was using a couple of my domain names (which thankfully I was not using on a regular basis; they contained holding pages for future projects) to send out spam to the outside world. And they were doing it by the bucket-load. The SMTP log was showing 2 million+ sent messages! I knew they were doing it from a home PC in the US because their PC's IP address was contained in the email headers, and it was a dynamically-assigned DSL address by Verizon in the US.
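The header check described above, as an added example that is not from the original post. It uses Python's standard `email` module on a constructed spool message (the hostnames and the documentation addresses 203.0.113.45 and 198.51.100.7 are made up). The point it adds: each MTA prepends its own Received header, so the only trustworthy client address is the one in the last header written by a host you control; anything older in the chain was already inside the message when the spammer submitted it and may be forged.

```python
import re
import email

# Constructed sample (not a real capture) of one message as found in the
# relay's spool. The top Received header was written by our own SMTP server
# and names the client that handed it the message: a dynamic DSL address,
# played here by the documentation address 203.0.113.45. The header below
# it was already in the message when the spammer submitted it and is forged.
SPOOLED_SPAM = """\
Received: from [203.0.113.45] (helo=HOMEPC)
\tby smtp.holding-domain.example with SMTP id y2
\tfor <victim@recipient.example>; Tue, 01 Jan 2008 03:11:58 +0000
Received: from mail.totally-legit.example ([198.51.100.7])
\tby relay.totally-legit.example with ESMTP id z3; Mon, 31 Dec 2007 23:59:00 +0000
From: "Pharmacy" <promo@holding-domain.example>
To: victim@recipient.example
Subject: cheap pills

buy now
"""

# Hostnames of the SMTP servers we run (assumed). Received headers claiming
# to be written "by" anything else were not written by us and can say anything.
OUR_HOSTS = {"smtp.holding-domain.example"}

RECEIVED_RE = re.compile(r"from\s+(?P<client>.*?)\s+by\s+(?P<by>\S+)",
                         re.IGNORECASE | re.DOTALL)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw: str) -> list[tuple[str, str]]:
    """Return (client_ip, written_by_host) per Received header, newest first.
    The email module keeps header order, and each MTA prepends its own."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m:
            continue
        ip = IP_RE.search(m.group("client"))
        hops.append((ip.group(1) if ip else "", m.group("by").lower()))
    return hops


def naive_bottom_ip(raw: str) -> str:
    """What 'just read the last Received line' gives you: here, the forgery."""
    hops = received_hops(raw)
    return hops[-1][0] if hops else ""


def originating_ip(raw: str, our_hosts=OUR_HOSTS) -> str:
    """Walk newest-to-oldest and keep going only while the header was written
    by a host we control. The client named in the last trusted header is the
    machine that actually connected to our relay; everything older is untrusted."""
    origin = ""
    for client_ip, by_host in received_hops(raw):
        if by_host not in our_hosts:
            break
        origin = client_ip
    return origin
```

That address, not the one at the bottom of the header chain, is the one to look up for the abuse contact and to block at the relay; a "Received" line the spammer wrote themselves proves nothing.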


The most brute-force way of stopping them (because I don't need the affected web addresses to be up and running for the foreseeable future) was to close down the websites (hence stopping the mail portion for the site) and point the domain names to the servers of the registration company (with whom I registered the domain names). The effect was INSTANT! The mail spooler wasn't getting clogged by thousands of emails in one go, and normal email service was resumed instantly.


This little escapade made me stop and think. It could have been much worse, and I guess I am lucky that my server hasn't been blacklisted already, even though it's not my fault. I just wish I could step on the face of the scumbag who abused my server! I would stick him in prison for the rest of his life.


Anyway, wind your neck back in, Graham! I decided to take some action last night and I've noticed a remarkable difference in the level of spam already. I installed an anti-spam technology on my server last night (I won't say which one!!) and even before it has been fully configured, it has already stopped quite a bit of spam. I've added lots of domain names to the blacklist already, and I basically banned the whole of Japan from sending incomprehensible (for us non-Japanese-speaking folk) emails. I've added some names to the whitelist (legitimate ones), and incorporated greylisting, which delays emails and rejects ones that can't be confirmed (i.e. spam). Plus I'm shutting down all the domain names I do not use or can do without for the foreseeable future. It narrows the attack surface.
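The blacklist, whitelist and greylisting combination described above, as an added example that is not the post's own code and does not describe whichever product was installed. It models the decision an SMTP server makes at RCPT TO: blocked client addresses and blocked sender-domain suffixes are refused outright with a 550, whitelisted senders skip greylisting, and every other (client IP, sender, recipient) triplet is temp-failed with a 451 the first time and accepted only when the sending server retries after a minimum delay, which most spam bots never do. The timing constants, the domain-suffix approach to "banning a country" and the example addresses are all assumptions for illustration.

```python
import time
from dataclasses import dataclass, field

# Tunables (assumed, not from the post). A retry sooner than MIN_RETRY seconds
# after the first attempt is still deferred; a triplet never retried within
# RETRY_WINDOW seconds is forgotten; a triplet that has passed stays known for
# KNOWN_TTL seconds so regular correspondents are not delayed again.
MIN_RETRY = 300
RETRY_WINDOW = 4 * 3600
KNOWN_TTL = 36 * 24 * 3600


@dataclass
class SmtpPolicy:
    blocked_ips: set = field(default_factory=set)
    # Sender-domain suffixes, e.g. {"jp"} blocks every sender under .jp.
    # Crude: envelope senders are trivially forged, so treat as a blunt tool.
    blocked_sender_suffixes: set = field(default_factory=set)
    allowed_senders: set = field(default_factory=set)
    # triplet -> (first_seen, last_seen, passed)
    greylist: dict = field(default_factory=dict)

    def _sender_blocked(self, domain: str) -> bool:
        return any(domain == s or domain.endswith("." + s)
                   for s in self.blocked_sender_suffixes)

    def decide(self, client_ip: str, sender: str, rcpt: str, now=None):
        """Return the (code, text) reply an MTA would give to RCPT TO."""
        now = time.time() if now is None else now
        sender, rcpt = sender.lower(), rcpt.lower()
        domain = sender.rsplit("@", 1)[-1]

        # 1. Blacklist: permanent refusal, no queueing on our side at all.
        if client_ip in self.blocked_ips or self._sender_blocked(domain):
            return 550, "5.7.1 sender or client blocked"
        # 2. Whitelist: known-good senders are never delayed.
        if sender in self.allowed_senders:
            return 250, "2.1.5 ok (whitelisted)"

        # 3. Greylist on the (client, sender, recipient) triplet.
        key = (client_ip, sender, rcpt)
        entry = self.greylist.get(key)
        if entry is None:
            self.greylist[key] = (now, now, False)
            return 451, "4.7.1 greylisted, please try again later"

        first_seen, last_seen, passed = entry
        if passed:
            if now - last_seen > KNOWN_TTL:      # stale: start over
                self.greylist[key] = (now, now, False)
                return 451, "4.7.1 greylisted, please try again later"
            self.greylist[key] = (first_seen, now, True)
            return 250, "2.1.5 ok (known triplet)"

        elapsed = now - first_seen
        if elapsed < MIN_RETRY:                 # retried too eagerly
            return 451, "4.7.1 greylisted, please try again later"
        if elapsed > RETRY_WINDOW:              # gave up, then came back: restart
            self.greylist[key] = (now, now, False)
            return 451, "4.7.1 greylisted, please try again later"
        self.greylist[key] = (first_seen, now, True)   # a real MTA retried
        return 250, "2.1.5 ok (greylist passed)"
```

The deferral is what costs the spammer: a bot that fires one attempt per address and moves on never gets a 250, while a legitimate MTA queues the message and retries within its normal schedule. The whitelist exists precisely because that first delay is visible to people you correspond with daily.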


I'm fighting back against the spam scourge with a vengeance. I'm also going to collect the IP addresses of all the culprits and report each and every one of them for abusing my servers. You want some, you spamming scumbag? You're gonna get some! You picked on the wrong guy!