[TriLUG] spam attack help?

Scott Lambdin lopaki at gmail.com
Wed Apr 2 13:24:20 EDT 2008 

What about the time delay?  People like to use email like chat.

On 4/2/08, Matt Pusateri <mpusateri at wickedtrails.com> wrote:
>
> I can see no reason why you would not want to run greylisting.  Any
> valid mailserver will retry and any invalid one disappears. Postgrey
> works great.  I also use maRBL although I'm not sure if it's actively
> being developed.  maRBL, uses p0f to passively identify the host OS and
> if it is Winders it's triggers RBL.  This keeps the windows spam zombies
> at bay.
>
>
> Matt P.
>
>
> Dave Sorenson wrote:
> > Greylisting, while not perfect, has reduced my spamassasin workload by
> > 98%. It kills the winders zombies like a headshot from a 12 gauge.
> >
> > Dave
> >
> > Cristóbal Palmer wrote:
> >
> >> Hi folks. Anybody seen a huge spike in spam volume in the last few
> >> days? I'm responsible for mail at ibiblio and since yesterday
> >> afternoon our mail log has been growing at a rate of 1MB every 17
> >> seconds or so. So... what do you suggest to help reduce load? I'd like
> >> to reject more at SMTP time to keep spamassassin from having to chug
> >> through any more than it needs to.
> >>
> >> Current restrictions include (but are not limited to):
> >>
> >> smtpd_helo_restrictions =
> >>   permit_sasl_authenticated,
> >>   permit_mynetworks,
> >>   reject_invalid_hostname,
> >>   reject_non_fqdn_hostname,
> >>   reject_unknown_hostname
> >>
> >> smtpd_sender_restrictions =
> >>   permit_sasl_authenticated,
> >>   permit_mynetworks,
> >>   reject_non_fqdn_sender,
> >>   reject_unknown_sender_domain
> >>
> >> ...
> >>
> >> we don't currently use any RBLs at SMTP time for philosophical
> >> reasons... maybe principal should go out the window when under attack?
> >> Maybe we should be doing greylisting? I use greylisting on other
> >> systems, but we've been avoiding it on this machine for several
> >> reasons.
> >>
> >> I'd appreciate feedback offlist and on.
> >>
> >> Cheers,
> >>
> >>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/




-- 
CILCIL

More information about the TriLUG mailing list