> You can always wish me luck :-) Or you may just "build yourself some luck" :) see, it's not difficult and since you're running ASSP there are several settings you may tweak to get back in control; let me try talking about some of them
* Setup ClamAV scanning, ensure that both, incoming and outgoing messages are being scanned, next, add to your clamav the sigs from http://www.sanesecurity.co.uk/ - to do so, just pick one of the ready-to-use scripts, configure it to fetch the signatures you want (more later) and schedule the script to fetch and update those extra sigs once a day or... the like * Get a grip on "regexp", that's a *need* not an option if you really want to use ASSP and it will help you a LOT... and I'm not kidding, the whole "regex filter / spambomb" section has a whole LOT of horsepower once you become familiar with regexp; you don't need to become a "guru" but you'll need some "basics" * Set the "localfrequency" parameters in "relaying" to some reasonable value (e.g. int=1800 rcpt=120) and create your own "nolocalfrequency" file to exclude known, good "mass senders" * Add the appropriate mail alerts to "logging" -> "notifyre" so that in case the "localfrequency" gets some hits on in case of other issues you'll get an email alert from your ASSP let things "distillate" and finetune them a little bit at a time and you'll probably/possibly avoid similar issues in a future HTH ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
