RE: Speaking of DDoS attacks

In my humble opinion it looks like something at your mail server.

198.108.1.26 is trapdoor.merit.edu, their mail server, which appears to be
re-sending the original 10 Jul mail.

The original hit their mail server 10 Jul. This copy was forwarded to your
XXX (is this the actual header or are you protecting the innocent?) on 12
Jul.

Your work mail server may not be properly acknowledging receipt of the list
mail so Merit's server continues to re-send (for the default 4 days?) until
the resend TTL.

A trace to 165.135.0.253 dies at 500.Serial2-2.GW1.HNL2.ALTER.NET so I'm not
sure what's hanging there but I'd look at your mail agent configuration.

A second possibility is some non-standard character in your work mail
address. You don't say what it is but if there is a character in it that is
benign on your system but meaningful to Merit's mail system, there may be a
problem.

I've been the victim of a similar "attack" in the past as a result of the _
in my address.

Just my 2¢

-Al

Merit uses Postfix. A workaround was recently added to Postfix which breaks
up lines over 2048 bytes, as some Mickeysoft MTAs stop responding when
Postfix delivers mail with large lines in them. Without this patch, Postfix
will keep resending until it gives up.