[TriLUG] spam attack help?

Dave Sorenson dave at logicalgeek.com
Wed Apr 2 10:58:30 EDT 2008

Greylisting, while not perfect, has reduced my spamassassin workload by
98%. It kills the winders zombies like a headshot from a 12 gauge.


Cristóbal Palmer wrote:
> Hi folks. Anybody seen a huge spike in spam volume in the last few
> days? I'm responsible for mail at ibiblio and since yesterday
> afternoon our mail log has been growing at a rate of 1MB every 17
> seconds or so. So... what do you suggest to help reduce load? I'd like
> to reject more at SMTP time to keep spamassassin from having to chug
> through any more than it needs to.
> Current restrictions include (but are not limited to):
> smtpd_helo_restrictions =
>   permit_sasl_authenticated,
>   permit_mynetworks,
>   reject_invalid_hostname,
>   reject_non_fqdn_hostname,
>   reject_unknown_hostname
> smtpd_sender_restrictions =
>   permit_sasl_authenticated,
>   permit_mynetworks,
>   reject_non_fqdn_sender,
>   reject_unknown_sender_domain
> ...
> we don't currently use any RBLs at SMTP time for philosophical
> reasons... maybe principle should go out the window when under attack?
> Maybe we should be doing greylisting? I use greylisting on other
> systems, but we've been avoiding it on this machine for several
> reasons.
> I'd appreciate feedback offlist and on.
> Cheers,
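
A minimal sketch of the greylisting decision discussed in this thread, added here as an example and not code from either poster: it reads a request in Postfix's policy-delegation format and defers the first attempt from an unseen (client network, sender, recipient) triplet, which is what stops senders that never retry. The timing values, the /24 and /64 grouping, and all function and class names are assumptions.

```python
import ipaddress

DELAY = 300               # assumed: seconds before a retry is accepted
RETRY_WINDOW = 4 * 3600   # assumed: a retry must arrive within this window
PASS_TTL = 35 * 86400     # assumed: how long a passed triplet stays trusted

def parse_request(text):
    """Parse one policy-delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def triplet(attrs):
    """Key on the client's network, not its exact IP, so that sender pools
    that retry from a neighbouring address are not deferred forever."""
    ip = ipaddress.ip_address(attrs["client_address"])
    prefix = 24 if ip.version == 4 else 64
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net), attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower())

class Greylist:
    def __init__(self):
        self.seen = {}  # triplet -> (first_seen, last_passed or None)

    def check(self, request_text, now):
        """Return the action line for one RCPT-stage request at time `now`."""
        key = triplet(parse_request(request_text))
        first, passed = self.seen.get(key, (None, None))
        if passed is not None and now - passed <= PASS_TTL:
            self.seen[key] = (first, now)       # known good: refresh and pass
            return "action=DUNNO"
        if first is None or now - first > RETRY_WINDOW:
            self.seen[key] = (now, None)        # new or stale: start the clock
            return "action=DEFER_IF_PERMIT Greylisted, please retry later"
        if now - first < DELAY:
            return "action=DEFER_IF_PERMIT Greylisted, please retry later"
        self.seen[key] = (first, now)           # patient retry: pass from now on
        return "action=DUNNO"

def sample_request(ip, sender, rcpt):
    """Constructed sample input in the policy-delegation request format."""
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            f"client_address={ip}\nsender={sender}\nrecipient={rcpt}\n\n")
```

Postfix consults a service like this through `check_policy_service` in `smtpd_recipient_restrictions`, and each reply line must be followed by an empty line on the wire.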

