tcsender email bombing

From jdc@milehigh.denver.net Tue Nov 4 23:24:56 1997
Date: Tue, 4 Nov 1997 21:25:07 -0700
From: John-David Childs <jdc@nterprise.net>
To: Dennis Simpson <dennis@bconnex.net>
Cc: nanog@merit.edu
Subject: Re: tcsender email bombing

had this to say about "tcsender email bombing":

> Having seen fairly heavy loading on our mail server today, I decided
> to see what might be going on.

Yes...2741 entries in my maillog since 11:00pm yesterday...but our
mailserver barely hiccuped and I wouldn't have noticed for a day or two
unless I came across your post. What prompted you to go looking?

> Approximately one third of our email traffic today has come from this.

We keep a fairly close eye on our servers (most of the time :-) and
when we suddenly see one source responsible for a third of the spam,
it is worth making some effort to knock them off.

Taking the connections just to reject them seems like a real waste
to me, and so does logging it all.

You may want to change your 451 errors into 571 errors at least for this
particular domain. From RFC1893:

Interesting point. I wonder how many people care what the reject code
is, compared to how many just note that it failed, and follow it up
as they would any failure, regardless of the failure code?

Thx,
dennis
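
The thread's two points, one source accounting for a third of the traffic and the difference between a 451 and a 571 reply, can be checked from a log as in the following added example (not part of the original thread). The log layout, hostnames and the one-third threshold are constructed assumptions; a 4xx reply tells the sender to queue and retry, a 5xx reply tells it to stop.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in a simplified "relay=<host> reply=<code>" layout.
# This is not a real MTA log format; adapt LINE_RE to your own maillog.
SAMPLE_LOG = """\
Nov  4 21:00:01 mx1 smtp: relay=mail.bulk.example reply=451
Nov  4 21:00:02 mx1 smtp: relay=mail.bulk.example reply=451
Nov  4 21:00:03 mx1 smtp: relay=relay.isp.example reply=250
Nov  4 21:00:04 mx1 smtp: relay=mail.bulk.example reply=451
Nov  4 21:00:05 mx1 smtp: relay=lists.org.example reply=250
Nov  4 21:00:06 mx1 smtp: relay=relay.isp.example reply=250
Nov  4 21:00:07 mx1 smtp: relay=mail.bulk.example reply=571
"""

LINE_RE = re.compile(r"relay=(?P<relay>\S+)\s+reply=(?P<code>[2-5]\d\d)\b")

def summarize(log_text):
    """Per relay: attempt count, share of all attempts, 4xx and 5xx counts."""
    totals = Counter()
    by_class = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a delivery-attempt line
        totals[m["relay"]] += 1
        # The first digit is the reply class: 4xx is transient (the sender
        # queues and retries), 5xx is permanent (the sender should give up).
        by_class[m["relay"]][m["code"][0]] += 1
    grand = sum(totals.values())
    return {
        relay: {
            "total": n,
            "share": n / grand,
            "transient": by_class[relay]["4"],
            "permanent": by_class[relay]["5"],
        }
        for relay, n in totals.items()
    }

def heavy_transient_sources(summary, share_threshold=1 / 3):
    """Relays at or above the share threshold that mostly get 4xx replies."""
    return sorted(
        relay
        for relay, s in summary.items()
        if s["share"] >= share_threshold and s["transient"] > s["permanent"]
    )
```

Relays returned by `heavy_transient_sources` are the ones whose rejected mail will keep coming back on the sender's retry schedule until the reply is made permanent.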