For the first time since I can remember, my POP3 server was effectively shut down by too many simultaneous connections today. The first fix I tried was to raise the number of connections from the default 40 to 100, but the problem soon returned.
I finally ipfw'd off the offending IP (22.214.171.124 for anyone interested), then went to look for other possible offenders in the log. I noticed several thousand connections today to a few dozen former users from 4 IPs from 126.96.36.199/21. One of the users was actually legitimate.
These IPs belong to mailanyone.net. The tech contact in their ARIN record is listed as:
OrgTechName: Heitman, Bryan
However, that phone number goes to a UPS store that has no idea what I'm talking about. I then dialed their suppseod NOC number:
Comment: FuseMail, LLC Network Operations Center contact
Comment: 877.888.3873 x3
I am on hold with that number right now with some very loud and annoying music.
Can anyone offer any insight as to these people and how/who to deal with there?
Would a provider be amiss to just block their entire /21?
James Smallacombe PlantageNet, Inc. CEO and Janitor