It all started last week, right before I left on my trip. I got a weird error from my mail server so I logged in to the admin to check it out. There were thousands upon thousands of mails queued up. Somehow, my server was relaying, even though I've got it pretty well buttoned up. I had only a few hours before I was to leave, so I couldn't do much. I closed up the SMTP port and brought the server down. I waited about 30 minutes and brought it back up. Nobody reconnected, so it seemed fine. I poked around and tried to figure out how they got in, but I simply ran out of time. I left on the trip, checking in on the mail server every once in a while to make sure it was OK. It was fine for the whole trip. I figured there must have been some kind of a fluke. Perhaps a virus running on someone's machine piggybacked their connection and relayed spam that way. Who knows. It seemed to be gone, so I just left it alone.
Fast forward to yesterday evening. Same weird error. I check the admin and there's like 30,000 messages queued. Shit. It's about 45 minutes before I gotta leave for a DJ gig. I pull the plug, wait a few minutes, and reconnect it. They immediately show up again and start humpin' my precious DamnDirtyMailServer[tm]. Bastards. Since I have to leave, I constrict the pipe down to only a few channels so as to at least slow them down. I leave and go rock the turntables like a mighty Hercules of soul.
I get home at about 1, wishing I could just go to bed, but I have to start trying to figure this out, because the whole time I was out, the spammers were smackin' that server's ass and making it call them daddy. I hate them. I'd already spent around 8 hours collectively trying to solve this problem, yet I now thought that 1 in the morning was a good time to attack it again.
I messed with it for about an hour and a half and then just gave up. I couldn't come up with any damn thing. I went to bed after deciding that first thing in the morning, I was going to send everyone who uses the DamnDirtyMailServer an email telling them to look for a new provider, because we were screwed. The spammers had won. I was a big old loser in the geek kingdom.
The End?? No way, suckas!! I ain't goin' out like that!!
So I go to bed and toss around for about an hour, dreading the process of getting a new mail provider, getting all of my mail and Susie's moved, helping everyone else get theirs taken care of, etc... I literally was now losing sleep over the stupid mail server and it was pissing me the fuck off. I'm sure Susie was losing sleep too, because I was bouncing around like a lunatic.
Finally, I got up and went to the couch with my blanket, figuring if I was going to be bouncing around, I might as well not keep Susie and Elvis (our fish) up all night. I still couldn't sleep, so I opened up the laptop and watched the spammers abuse my mail server some more.
That's when it occurred to me. Checking the logs, I could see that all the spam was getting through to places like aol.com and hotmail.com. These domains don't accept mail from servers on a dynamic IP (like mine), so for the users of the DamnDirtyServer[tm] to send them mail, I have to route those domains through Comcast's mail server, via a record in the mail server's router table. The mail record tells the mail server to just forward all mail for those domains straight to Comcast. It seemed stupid, and therefore likely, that the mail server would route that mail for unauthenticated clients instead of just valid ones. I started reading and reading and reading. Finally, around 4:30, I found a post from someone who confirmed my suspicion and described how to write the router records correctly so the mail server wouldn't relay mail from strangers to those domains. I closed the hole and watched the server for another 40 minutes or so.
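The hole described above, as an added example that is not from the original post: a small model of the router decision (the per-domain smart-host rule firing before any check on who is sending, beside the corrected rule) plus a log scan that flags unauthenticated clients whose mail was routed out. The log format, domains and IPs are all constructed for illustration, since the post never shows the server's real log layout.

```python
import re
from collections import Counter

# Constructed sample log in a made-up format (not the post's real server logs):
# one line per recipient, recording client IP, whether the session authenticated,
# the recipient, and what the router did with the message.
SAMPLE_LOG = """\
03:10:01 client=203.0.113.7 auth=no from=a@example.net to=u1@aol.com action=route:smarthost
03:10:02 client=203.0.113.7 auth=no from=a@example.net to=u2@hotmail.com action=route:smarthost
03:10:05 client=192.168.1.20 auth=yes from=me@example.org to=u3@aol.com action=route:smarthost
03:10:09 client=203.0.113.7 auth=no from=a@example.net to=u4@example.edu action=reject:relay-denied
03:10:11 client=198.51.100.4 auth=no from=b@example.net to=u5@hotmail.com action=route:smarthost
"""

LINE_RE = re.compile(
    r"client=(?P<ip>\S+) auth=(?P<auth>yes|no) from=\S+ to=\S+@(?P<dom>\S+) action=(?P<act>\S+)"
)

SMARTHOST_DOMAINS = {"aol.com", "hotmail.com"}  # domains forwarded via the ISP's relay
LOCAL_DOMAINS = {"example.org"}                 # domains this server hosts (assumed)


def should_relay(authenticated, rcpt_domain, fixed=True):
    """Model of the router decision.

    With fixed=False the per-domain smart-host rule is consulted before asking
    who is sending, so strangers get their mail for those domains forwarded too.
    With fixed=True the smart-host rule only applies to clients that may relay.
    """
    if rcpt_domain in LOCAL_DOMAINS:
        return True                 # inbound mail for our own users is always accepted
    if rcpt_domain in SMARTHOST_DOMAINS and not fixed:
        return True                 # the hole: forwarded to the ISP relay for anyone
    return authenticated            # outbound relay only for authenticated clients


def find_open_relay_abuse(log_text):
    """Count, per client IP, unauthenticated sessions whose mail was routed out."""
    abusers = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        routed_out = m["act"].startswith("route:") and m["dom"] not in LOCAL_DOMAINS
        if m["auth"] == "no" and routed_out:
            abusers[m["ip"]] += 1
    return abusers
```

A non-empty result from `find_open_relay_abuse` is the signal to look for: it means the server forwarded mail for clients that never authenticated, which is exactly what the queue of 30,000 messages was.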
Now I could see the spammers attacking and attacking, but the server was just refusing to relay their mail. As of right now, they're still trying, but they're not getting anywhere. Suckaz. Hopefully they'll drop off and move on to some other idiot with a badly configured mail server. Even though their mail isn't getting anywhere, they're still using up connections trying to get the server to do their bidding.
I traced their IPs to an ISP in China and sent their anti-spam department a mail with my server logs. They probably won't do anything about it. In fact, they'll probably use the information in my logs to find some backdoor to my mail server and seriously screw me. Damn Chinese ISP.
So, the shitty side of all this is that Comcast's mail server threw a fit when it saw all the mail coming from me. We're not supposed to run servers on our connection, so their software figured that I had a virus or something and now I'm not allowed to use their mail server for 48 hours, which means I can't send any mail to hotmail, AOL, or a handful of others until then. Suck.
So yeah... that's my night. I finally got to bed around 6:30 and got to sleep for a whole two hours! Wonderful. And you thought just having to delete spam from your mailbox was annoying!
Die spammer. Die a thousand painful deaths.