[Simson Garfinkel - Tech]
Spam! Foiled Again

Our tech guru fights back when a spammer hijacks his ISP

The attack started at 2:30 a.m. on 15 January. But I didn't know that something was amiss until 4:20 p.m. or so, when I tried to check my mail. Strangely, there were 25 mail bounces from MAILER-DAEMON. Somebody had tried to send out a whole bunch of mail; the mail that bounced ended up in my inbox.

Now, having weird mail show up in my inbox isn't an unusual occurrence for me. That's because I'm on the postmaster mailing list for Vineyard.NET, my small Internet service provider located on the island of Martha's Vineyard, Massachusetts. Over the past 18 months I've seen quite a bit of bounced mail from folks who hadn't set up computers properly.

There was something different about these bounces. For starters, there were a lot of them. And they had all bounced from a computer called "empty.cabi.net" - a computer, I later learned, which has an invalid IP address. But the big giveaway was the content of the mail messages, hidden beneath more than 80 lines of bounced mail headers.

"Customers For You!" the message read. "CV Communications BULK EMAIL ADVERTISING SERVICE."

Great! I had been spammed by a spammer advertising spamming services. And the mail was being sent out from my computer!

It didn't take me long to piece together what was happening. Somebody calling himself CV Communications had connected to the mail server on Vineyard.NET, and was using my computer to send out his unsolicited bulk email. The nerve! This guy was using my Internet connection to further his commercial ends, and sticking me with his bounces.

Further on down in my mailbox I noticed the complaints. Across the Internet, people being hit by this fellow's spam were blaming me and Vineyard.NET. Most thought he was one of our customers.

I logged on to my computer and typed the mailq command to see how much mail this spammer had piled up on my machine. I was horrified: There were more than 2,000 messages waiting to go out. Nearly all of them were being shipped to AOL and CompuServe customers.

The good news, I thought wryly, was at least this guy hadn't broken into my system. He was slowing down mail for all my customers, giving me a bad name, and making lots of work for me, but at least he hadn't broken in.

The spammer's email invited me to send email for further information, so I did. He sent me a FAQ, a brochure, and a price list. Then I called him up (his phone number was at the bottom of each message) and demanded that he stop using Vineyard.NET as his spam center.

He acquiesced, but I didn't trust this guy for a minute, so I took evasive action.

Next I decided to delete the spammer's outgoing mail from our system. This was also easy. All the spammer's mail contained the letters "quantcom.com." I just deleted any file which contained that character string.

But my real anti-spamming solution is a number of modifications I'm making to Vineyard.NET's mail server. Here at Vineyard.NET, we use a program called "smap" to receive outside email. Smap is part of the Trusted Information Systems' Firewall Toolkit. It's a simple program that receives outside email and throws it in a special directory; a second program, called "smapd," scans this directory and performs the actual mail delivery. This two-program approach is designed to avoid the sort of security problems that plague Sendmail, another mail server.

I've set up Vineyard.NET's smap configuration file so that mail to Vineyard.NET that contains more than a few dozen recipients will be rejected. Smap actually already contains the code to do this, but it's disabled by default.

The second thing I'm doing is having smap distinguish between connections from inside my network and those from the outside. Mail from the outside will only be accepted if it's for Vineyard.NET users. This will prevent Vineyard.NET from being used as a relay by another spammer.

The nice thing about smap is that when it rejects a mail message, the TCP/IP connection is closed even before the message gets sent. It's not like a mail bounce - the message stays put on the spammer's computer.
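To make the two checks concrete, here is an added Python sketch of the policy described above. It is not smap's code and not from the column; the address block, the local domain, the recipient limit and the session format are all constructed for the illustration.

```python
import ipaddress

# Constructed values: the page does not give Vineyard.NET's address block
# or the exact recipient limit ("more than a few dozen").
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"vineyard.net"}
MAX_RECIPIENTS = 36


def is_internal(client_ip):
    """True if the connecting host is inside our own network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_local_recipient(rcpt):
    """True if the recipient's domain is one we deliver for."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return domain in LOCAL_DOMAINS


def relay_decision(client_ip, recipients):
    """Return (accept, reason) for the envelope seen so far.
    Rule 1: reject envelopes with too many recipients.
    Rule 2: outside hosts may only send mail to local users (no relaying)."""
    if len(recipients) > MAX_RECIPIENTS:
        return False, f"too many recipients ({len(recipients)} > {MAX_RECIPIENTS})"
    if not is_internal(client_ip):
        foreign = [r for r in recipients if not is_local_recipient(r)]
        if foreign:
            return False, f"relay denied for outside host: {foreign[0]}"
    return True, "accepted"


def handle_envelope(client_ip, commands):
    """Walk the envelope phase of an SMTP session (MAIL FROM / RCPT TO lines,
    a constructed simplification) and return (replies, action). The first
    violation yields a 550 and 'close', so DATA is never reached and the
    message body never leaves the sender's queue."""
    recipients, replies = [], []
    for cmd in commands:
        verb, _, arg = cmd.partition(":")
        if verb.strip().upper() == "RCPT TO":
            recipients.append(arg.strip().strip("<>"))
            ok, reason = relay_decision(client_ip, recipients)
            if not ok:
                replies.append(f"550 {reason}")
                return replies, "close"
        replies.append("250 OK")
    return replies, "continue"
```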

And that's where spam mail belongs.

Illustration by Dave Plunkert