spammer wasting my bandwidth

I've had a colo'd server with ServerMatrix/ThePlanet (for personal and friend's sites) for about 9 months now without problem.. Today I went checking in orbit, their backend thing to see my bandwidth usage.. I was surprised to see about 1.5mbit/s sustained usage.. Investigating further, I found an IP, 65.218.31.194 had tons of SMTP connections open to my system..

Qmail is the mail server I run (primarily because it was easy to setup) and I know that it's not an open relay (at least the configuration isn't, and any online open relay test I could find said it isn't). Anyways, looking at my logs, it looks like that system was constantly trying to send messages through my system.. It seems that qmail was accepting the messages but obviously not delivering them. Anyways, I blocked that ip and all's well now, but I'm wondering if any of you have had this happen?

I put in a script to alert me of huge bandwidth spikes like that, but it freaked me out thinking what the overage would cost me if I didn't notice it until later. Anyone else seen something like that? Anyone know what "Flexible Technologies" is? I'm assuming it's a spammer, but I don't know for sure.

 

 

 

 

Top