Under attack

It started this afternoon, a huge distributed dictionary spam attack. I’m seeing lots of computers trying to send email to random email addresses on my server:


postfix/smtpd[16754]: NOQUEUE: reject: RCPT from host[x.x.x.x]: 450 4.1.1 [email protected]: Recipient address rejected
postfix/smtpd[16997]: NOQUEUE: reject: RCPT from host[x.x.x.x]: 450 4.1.1 [email protected]: Recipient address rejected
postfix/smtpd[16754]: NOQUEUE: reject: RCPT from host[x.x.x.x]: 450 4.1.1 [email protected]: Recipient address rejected

All of these mails (50.000 of them, despite adaptive firewalling) go to the same domain, so it must be coordinated somewhere. I’m using fail2ban, which keeps my system relatively stress-free (load still smaller than 0.5). To give a sense of scale: on average, there are around 60 hosts blocked by fail2ban. Bans last for 10 minutes, so that’s quite a lot of hosts targeting my server.

Anyone seen similar stuff happening?

June 3, 2009 00:08
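
As an added example (not part of the original post, and not fail2ban's own code), the following sketch measures this kind of attack from a Postfix log: how many distinct hosts are involved, how many mailbox names were guessed per domain, and which hosts a maxretry/findtime rule would ban. The syslog prefix, the angle brackets around the recipient, the sample lines, and the thresholds (3 rejections in 10 minutes) are assumptions; the post only states a 10-minute ban time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix smtpd recipient rejection, including the syslog prefix (assumed format).
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S+\[(?P<ip>[^\]]+)\]: \d{3} \S+ <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected")

# Constructed sample log: documentation IPs and domains, not data from the post.
LINE = ("Jun  2 {} mx postfix/smtpd[16754]: NOQUEUE: reject: RCPT from unknown[{}]: "
        "450 4.1.1 <{}>: Recipient address rejected: User unknown")
SAMPLE = [LINE.format(*row) for row in [
    ("14:00:01", "192.0.2.10", "alice@example.org"),
    ("14:00:02", "198.51.100.7", "bob@example.org"),
    ("14:00:03", "192.0.2.10", "carol@example.org"),
    ("14:00:05", "192.0.2.10", "dave@example.org"),
    ("14:00:09", "203.0.113.5", "erin@example.org"),
    ("14:20:00", "198.51.100.7", "frank@example.org"),
    ("14:20:30", "198.51.100.7", "typo@example.net"),
]] + ["Jun  2 14:21:00 mx postfix/smtpd[16754]: connect from unknown[192.0.2.10]"]

def parse(lines, year=2009):
    """Return (timestamp, source IP, recipient) for every rejection line."""
    hits = (REJECT.match(line) for line in lines)
    return [(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
             m["ip"], m["rcpt"].lower()) for m in hits if m]

def summarize(events):
    """Count distinct sources and distinct guessed mailboxes per target domain."""
    sources, guesses = set(), defaultdict(set)
    for _, ip, rcpt in events:
        local, _, domain = rcpt.rpartition("@")
        sources.add(ip)
        guesses[domain].add(local)
    return len(sources), {d: len(names) for d, names in guesses.items()}

def ban_candidates(events, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs with at least maxretry rejections inside one findtime window."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, _ in sorted(events):
        recent[ip] = [t for t in recent[ip] if ts - t < findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    events = parse(SAMPLE)
    print(summarize(events), sorted(ban_candidates(events)))
```

Many distinct sources, each with only a few rejections, all guessing different names at one domain is the distributed pattern; hosts that stay under the per-host threshold never show up in the ban list, which is why the per-domain count is worth watching alongside it.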
