unco
Guest
Has anyone else seen this?
A user has received thousands of messages - probably over 100k per day. All of them are from unique IP addresses and all of them contain "User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)" in the header. We had no recourse except to delete her mailbox, which she did not want to have happen, but the mail queue was so huge that nobody else's mail could be delivered.
We don't have spamassassin installed on this server. We use an external appliance for spam and virus filtering, but they didn't subscribe to the service until after the email bombing started. Therefore, spammers were still hitting the server because the DNS had not yet propagated.
There's no rescuing them, because she will be hosting elsewhere since we won't let her use that email address for now. I'm just curious about how anyone would have handled the email bomb situation. Our customer service person said that they transferred their domain to us a year or so ago when the same thing happened at their last ISP.
Thank goodness it doesn't happen often. I really can't think of another such incident in our nearly 13 years of doing this.
Beth
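One way to pull only the flood out of a recipient's queue instead of deleting the whole mailbox, shown as an added example that is not part of the original post. It assumes queued mail can be read as raw RFC 5322 messages; the function name, the small threshold and the sample messages (documentation IP ranges, example.com) are constructed for illustration.

```python
import re
from email import message_from_string

# Header value quoted in the post above.
BOMB_UA = "Thunderbird 2.0.0.12 (Windows/20080213)"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def triage(raw_messages, recipient, min_hits=3):
    """Split queued mail into (quarantine, keep) for one flooded recipient.

    Messages are quarantined only when the flood is confirmed: at least
    min_hits messages to the recipient carry the flood's User-Agent and they
    arrived from at least min_hits distinct relay IPs. A lone genuine
    Thunderbird user is therefore left alone. min_hits=3 suits the sample
    only (assumption); a real threshold would be far higher."""
    suspects, keep, ips = [], [], set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        ua = (msg.get("User-Agent") or "").strip()
        to_us = recipient.lower() in (msg.get("To") or "").lower()
        if to_us and ua == BOMB_UA:
            # msg.get returns the topmost Received header, added by our own MX.
            m = IP_RE.search(msg.get("Received") or "")
            if m:
                ips.add(m.group(1))
            suspects.append(raw)
        else:
            keep.append(raw)
    if len(suspects) >= min_hits and len(ips) >= min_hits:
        return suspects, keep
    return [], keep + suspects  # flood not confirmed: keep everything

def _msg(ip, ua, to="user@example.com"):
    return (f"Received: from host ([{ip}]) by mx.example.com\n"
            f"To: {to}\nSubject: test\nUser-Agent: {ua}\n\nbody\n")

# Constructed sample queue: three flood messages, two legitimate ones.
SAMPLE = [
    _msg("192.0.2.10", BOMB_UA),
    _msg("198.51.100.7", BOMB_UA),
    _msg("203.0.113.44", BOMB_UA),
    _msg("192.0.2.99", "Mutt/1.5.17"),
    _msg("198.51.100.8", BOMB_UA, to="other@example.com"),
]

if __name__ == "__main__":
    quarantine, keep = triage(SAMPLE, "user@example.com")
    print(f"quarantine={len(quarantine)} keep={len(keep)}")
```

Moving the quarantined messages to a holding area rather than deleting them keeps the rest of the queue deliverable and leaves the user's existing mailbox intact.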