[AusNOG] *POSSIBLE SPAM* Re: qld transport contact

[Mike Manning]

We have 2 Astaro Mail Gateways and they are processing over a million of these between the 2 boxes each day.. looks like the Qld Transport ones have stopped since the SPF update, most of them now are virginblue and ticketek emails.  The Antivirus scanner on the AMG's (Avira) is detecting the payload as HIDDENEXT/Worm.Gen for all of them.

Cheers, Mike

-----Original Message-----
From: Chris Scholfield [mailto:admincs at heartland.com.au] 
Sent: Thursday, 13 December 2012 1:41 PM
To: ausnog at lists.ausnog.net
Subject: *POSSIBLE SPAM* Re: [AusNOG] qld transport contact

SPF is keeping them at bay with us as well thank goodness. The problem we had first started when some users were complaining they couldn't send email.
Turned out it was because these external IP's were establishing so many connections it maxed out the limit we had set on the email server.

I've been looking into either blocking or allowing certain countries IP addresses on the router for the mail server to prevent these attacks from reaching the mail server to begin with.  Everyone I have spoken to so far has said it could possibly be done, but they've never tried it.

Anyone had any experience in doing this?  If so, how'd it turn out?

Chris Scholfield

-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Peter J. Cherny
Sent: Thursday, 13 December 2012 2:29 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] qld transport contact

I've got 425 unique ip addresses from a few thousand msgs if anyone needs them, but SPF et al stops them dead.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog