[TriLUG] spam attack help?
Matt Pusateri
mpusateri at wickedtrails.com
Wed Apr 2 11:31:30 EDT 2008
I can see no reason why you would not want to run greylisting. Any
valid mailserver will retry and any invalid one disappears. Postgrey
works great. I also use maRBL although I'm not sure if it's actively
being developed. maRBL, uses p0f to passively identify the host OS and
if it is Winders it's triggers RBL. This keeps the windows spam zombies
at bay.
Matt P.
Dave Sorenson wrote:
> Greylisting, while not perfect, has reduced my spamassasin workload by
> 98%. It kills the winders zombies like a headshot from a 12 gauge.
>
> Dave
>
> Cristóbal Palmer wrote:
>
>> Hi folks. Anybody seen a huge spike in spam volume in the last few
>> days? I'm responsible for mail at ibiblio and since yesterday
>> afternoon our mail log has been growing at a rate of 1MB every 17
>> seconds or so. So... what do you suggest to help reduce load? I'd like
>> to reject more at SMTP time to keep spamassassin from having to chug
>> through any more than it needs to.
>>
>> Current restrictions include (but are not limited to):
>>
>> smtpd_helo_restrictions =
>> permit_sasl_authenticated,
>> permit_mynetworks,
>> reject_invalid_hostname,
>> reject_non_fqdn_hostname,
>> reject_unknown_hostname
>>
>> smtpd_sender_restrictions =
>> permit_sasl_authenticated,
>> permit_mynetworks,
>> reject_non_fqdn_sender,
>> reject_unknown_sender_domain
>>
>> ...
>>
>> we don't currently use any RBLs at SMTP time for philosophical
>> reasons... maybe principal should go out the window when under attack?
>> Maybe we should be doing greylisting? I use greylisting on other
>> systems, but we've been avoiding it on this machine for several
>> reasons.
>>
>> I'd appreciate feedback offlist and on.
>>
>> Cheers,
>>
>>
More information about the TriLUG
mailing list