[TriLUG] spam attack help?

Matt Pusateri mpusateri at wickedtrails.com
Wed Apr 2 11:31:30 EDT 2008


I can see no reason why you would not want to run greylisting.  Any 
valid mailserver will retry and any invalid one disappears. Postgrey 
works great.  I also use maRBL, although I'm not sure if it's actively 
being developed.  maRBL uses p0f to passively identify the host OS and 
if it is Winders it triggers RBL.  This keeps the Windows spam zombies 
at bay.


Matt P.


Dave Sorenson wrote:
> Greylisting, while not perfect, has reduced my spamassassin workload by 
> 98%. It kills the winders zombies like a headshot from a 12 gauge.
>
> Dave
>
> Cristóbal Palmer wrote:
>   
>> Hi folks. Anybody seen a huge spike in spam volume in the last few
>> days? I'm responsible for mail at ibiblio and since yesterday
>> afternoon our mail log has been growing at a rate of 1MB every 17
>> seconds or so. So... what do you suggest to help reduce load? I'd like
>> to reject more at SMTP time to keep spamassassin from having to chug
>> through any more than it needs to.
>>
>> Current restrictions include (but are not limited to):
>>
>> smtpd_helo_restrictions =
>>   permit_sasl_authenticated,
>>   permit_mynetworks,
>>   reject_invalid_hostname,
>>   reject_non_fqdn_hostname,
>>   reject_unknown_hostname
>>
>> smtpd_sender_restrictions =
>>   permit_sasl_authenticated,
>>   permit_mynetworks,
>>   reject_non_fqdn_sender,
>>   reject_unknown_sender_domain
>>
>> ...
>>
>> we don't currently use any RBLs at SMTP time for philosophical
>> reasons... maybe principle should go out the window when under attack?
>> Maybe we should be doing greylisting? I use greylisting on other
>> systems, but we've been avoiding it on this machine for several
>> reasons.
>>
>> I'd appreciate feedback offlist and on.
>>
>> Cheers,
>>   
>>     
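
The greylisting behaviour discussed in this thread, as an added example that is not part of the original messages and is not Postgrey's code: a simplified in-memory model of the triplet check a Postfix policy service performs, showing why a retrying server gets through and a fire-and-forget sender does not. The 300-second delay, 35-day expiry, /24 and /64 grouping, the `Greylist` class and the `request` helper are assumptions for illustration.

```python
import ipaddress

DELAY = 300            # assumed: seconds a new triplet must wait before acceptance
MAX_AGE = 35 * 86400   # assumed: forget triplets idle for longer than this


def request(ip, sender, rcpt):
    """Build a constructed Postfix policy request (name=value lines, blank line ends)."""
    return (f"request=smtpd_access_policy\nclient_address={ip}\n"
            f"sender={sender}\nrecipient={rcpt}\n\n")


class Greylist:
    """Hypothetical model of triplet greylisting; state is kept in memory only."""

    def __init__(self, delay=DELAY, max_age=MAX_AGE):
        self.delay, self.max_age = delay, max_age
        self.seen = {}  # triplet -> (first_seen, last_seen)

    @staticmethod
    def parse(req):
        attrs = {}
        for line in req.splitlines():
            if not line:          # blank line terminates the request
                break
            name, _, value = line.partition("=")
            attrs[name] = value
        return attrs

    def triplet(self, attrs):
        # Group by network so a mail farm retrying from a neighbouring
        # address still matches its first attempt.
        ip = ipaddress.ip_address(attrs["client_address"])
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), attrs["sender"].lower(), attrs["recipient"].lower())

    def check(self, req, now):
        """Return the policy response for one RCPT TO at time `now` (seconds)."""
        key = self.triplet(self.parse(req))
        first, last = self.seen.get(key, (None, None))
        if first is None or now - last > self.max_age:
            self.seen[key] = (now, now)       # new or expired: start the clock
            return "action=DEFER_IF_PERMIT Greylisted, try again later\n\n"
        self.seen[key] = (first, now)
        if now - first < self.delay:          # retried too soon
            return "action=DEFER_IF_PERMIT Greylisted, try again later\n\n"
        return "action=DUNNO\n\n"             # passed: let later restrictions decide
```

`DUNNO` hands the message on to the remaining restrictions, so content filtering such as spamassassin only runs on mail from hosts that came back after the delay.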



