How To deal with DDOS spam bounce attack

Hi All,

We are experiencing a distributed denial of service (DDOS) attack
implemented via bounce messages. Some odious, greasy, hades-bound,
bottom-feeding outcast has decided to use one of our domain names as the
spoof source for the From: field of their spam messages. The scoundrel
generates thousands of messages, and those which don't make it to their
intended victim (for whatever reason) are bounced to our machine.

I had to disable all the filters this weekend so that PO could keep up with
the volume of bounces that are being sent to our machine. (G4, 450MHz, 512,
10.2.8)

The attack really amped-up this Friday from about 60/day to about 4000/day.
I had a filter that Discarded all messages sent to that domain except for
the two valid users. I can't use PO's built-in "only accept mail for valid
users" because it is global across all domains and we need wildcard
functionality on the other domains.

My questions are:

What is the most efficient way to deal with the bounce messages? I am
concerned that my original filter was part of the problem we saw this
weekend with PO slowing the machine to a crawl and SMTP-Accepts stacking.

As I understand it, a filter with a Discard checkbox (like the one I had)
tells the SMTP machine sending the filtered message: "Transactions
prohibited between these computers". Now, is that SMTP transaction more
efficient or less efficient than simply accepting this torrent of bounces
and dealing with them with a filter that shunts them to an auto-delete
account?


Thanks for any insight or pity!
dan

---------
Tenon Intersystems' Post.Office Mailing List
To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx
with the body only containing: 
unsubscribe
Find the searchable mailing list archives at:
http://postoffice.computeroil.com/