New attack = New rules.

Spammers continue forgering "From:" address in massive email sents pointing it to us. At this time we are suffering a new wave. The bounces come all to Pookmail front MTA-server so we decided to start denying certain origin address to avoid extra traffic and fool inserts in our database from bounces of emails that we DONT sent.

At this time we are rejecting 5 SMTP connection per second from postmaster@ or mailer-daemon@ informing with a 550 error that bounces are not admited and for "further and human information contact pookinfo" at our domain.

We can't reject mail from null sender like "mail from: <>@at.any.host" usually containing bounces without violating RFC 821 as stands here.

Service remain unaffected and fully operative

load average: 300 and growing

After a bit deal with config files and parameters we have considerably reduced our traffic and cpu load.

After restoring, last week, the service our main server were at 300 or more of "load average". Currently we have incorporated a new front server filtering bounces of mails created by spammers using pookmail.com as fake origing address with the sole intention of creating a DoS.

At this time the load is at 10% of the our total capacity of processing.

Thank you four your patience.

We are back.

Hi all,

We are pleased to announce that PookMail is now available again after the attack received days ago.

We are working strong to avoid DoS attacks, or detect them sooner ;) New tools, as Snort, and new hardware has beed added to our system in order to support the overload.

This blog will be used in order to let our users know the lastest news from our services.

Please feel free to post your comments, share your ideas or say something interesting.

Gravstar and me will try to do our best in this blog.