[TriLUG] spam attack help?

Cristóbal Palmer cristobalpalmer at gmail.com
Wed Apr 2 10:45:51 EDT 2008


Hi folks. Anybody seen a huge spike in spam volume in the last few
days? I'm responsible for mail at ibiblio and since yesterday
afternoon our mail log has been growing at a rate of 1MB every 17
seconds or so. So... what do you suggest to help reduce load? I'd like
to reject more at SMTP time to keep spamassassin from having to chug
through any more than it needs to.

Current restrictions include (but are not limited to):

smtpd_helo_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_unknown_hostname

smtpd_sender_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain

...

We don't currently use any RBLs at SMTP time for philosophical
reasons... maybe principle should go out the window when under attack?
Maybe we should be doing greylisting? I use greylisting on other
systems, but we've been avoiding it on this machine for several
reasons.

I'd appreciate feedback offlist and on.

Cheers,
-- 
Cristóbal M. Palmer
http://tinyurl.com/3apraw "They also abandoned other volumes, later,
while fleeing from the librarians."

