1

I have a mail server - postfix, amavis, dovecot. Currently one of my inboxes is being flooded with random email from all over the globe. It's like someone signed me up to 10,000 newsletters all at once.

Here's where it's tricky:

  • All the emails are different, making filtering hard.
  • They are coming from everywhere, making IP blocking useless
  • They are coming from seemingly legit sources (SPF/DKIM Passing)

I can't think of any way to stop it short of just dumping the mail account.

I'd appreciate any ideas.

1
  • If you can have a (prior) list of sources which that inbox typically gets emails from, set that up as a whitelist. Commented Jun 6 at 5:42

2 Answers

1

It sounds like you're the victim of a subscription bomb attack. In my experience, there's not a whole lot you can do. You can wait for the deluge to subside or you can abandon the email address/mailbox that is the target of the subscription bomb.

Using standard anti-spam measures is unlikely to help very much as these subscription bomb emails will be coming from legitimate senders in response to the actions of the perpetrator.

https://mailstrom.co/articles/how-to-stop-an-email-subscription-bomb/

1
  1. Block dynamic IP addresses (and addresses not supposed to send emails)
    Use a DNSBL, e.g. PBL
  2. Consider deploying greylisting. It should/may reduce spam from botnets by requiring first-time delivery attempts to be retried. It will delay delivery of "first time" emails.

The measures above are quite likely to reduce the problem.
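
The greylisting behaviour described in the answer above, as an added example that is not part of the original answer and not the code of any particular greylisting daemon: the triplet decision logic, returning the Postfix access actions `DEFER_IF_PERMIT` and `DUNNO`. The timings, the /24 matching, the class and function names, and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress

# Assumed timings for illustration; real greylisting daemons make these configurable.
MIN_DELAY = 300            # a retry sooner than this is still deferred
RETRY_WINDOW = 4 * 3600    # a retry later than this counts as a new first attempt

class Greylist:
    """Decision logic only; a real deployment sits behind Postfix policy delegation."""

    def __init__(self):
        self.pending = {}   # triplet -> time of first attempt
        self.known = set()  # triplets that have already retried correctly

    @staticmethod
    def triplet(client_ip, sender, recipient):
        # Match on the client's /24 (IPv4) or /64 (IPv6) so that a retry from
        # another host in the same outbound pool is still recognised.
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        key = self.triplet(client_ip, sender, recipient)
        if key in self.known:
            return "DUNNO"                  # seen before: no delay
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now         # first attempt: temporary failure
            return "DEFER_IF_PERMIT"
        if now - first < MIN_DELAY:
            return "DEFER_IF_PERMIT"        # retried too quickly
        del self.pending[key]
        self.known.add(key)
        return "DUNNO"                      # proper retry: later checks decide

# Constructed sample traffic: (time in seconds, client IP, sender, recipient)
SAMPLE = [
    (0,     "203.0.113.5", "x91@bot.example",   "me@mail.example"),  # first attempt
    (0,     "192.0.2.10",  "news@list.example", "me@mail.example"),  # first attempt
    (60,    "192.0.2.10",  "news@list.example", "me@mail.example"),  # retry too early
    (600,   "192.0.2.11",  "news@list.example", "me@mail.example"),  # retry, same /24
    (900,   "192.0.2.10",  "news@list.example", "me@mail.example"),  # already known
    (20000, "203.0.113.5", "x91@bot.example",   "me@mail.example"),  # window expired
]

def replay(events):
    """Run events in order through one Greylist and return the action for each."""
    greylist = Greylist()
    return [greylist.check(ip, s, r, t) for t, ip, s, r in events]
```

Any sender that queues the message and retries after the delay is accepted from then on; only clients that never retry, or retry outside the window, stay deferred.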
