John,

The system to tie LDAP to your Sendmail is not as hard as you think. See http://www.peregrinehw.com/downloads/ldap/. It's elegant and ties into sendmail prior to MD getting involved. I think everyone here will agree that blocking bad users at the gateway has HUGE advantages.

Also, have you tried just a

    define(`confCONNECTION_RATE_THROTTLE',`1')dnl

to throttle connections to one per second?

Finally, if you use

    define(`confBAD_RCPT_THROTTLE',`2')dnl

that will help identify sites that are harvesting, performing dictionary attacks, etc. We also use it to tie into a system that monitors the logs for sites doing this and blocks them with iptables:

http://www.peregrinehw.com/downloads/sendmail/current-8.12.X/untarred/contrib/poprelay-RCPT_Throttle/

I *highly* recommend this system and have taken steps in the program, as you will see, to begin centralizing the gathering of IP addresses involved in these types of issues.

Regards,
KAM

> I've had mimedefang+clamav+spamassassin running quite happily here for
> about 18 months or so now, but over the last couple of days have run into a
> problem. One of our customers has been very severely joe-jobbed, and the mass
> of NDRs coming back to them is making their primary MTA/mimedefang box
> crumble under the load (which can peak at a few hundred messages a minute
> when the spammers kick off).
>
> On the grounds that upgrading the hardware isn't something that can be done
> quickly or easily, can anyone suggest any techniques for reducing the load at
> such times? I've thought of configuring spamassassin to whitelist emails
> coming from <> - but that only takes out a certain portion of the problem,
> and the load from running clamd across each incoming mail is still there. The
> only other thing I can think of is rejecting email to non-existent users
> before defang does most of its tests, but that would involve rigging up a
> system to verify each user against the Exchange system that the mail routes
> through to.
>
> Any suggestions/clues to what I'm missing very welcome.
>
> cheers
> john
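
The log-monitoring idea in the reply above (watch for relays that trip the bad-recipient throttle, then block them with iptables), as an added example that is not part of the original post and is not the linked contrib script. The log lines are constructed, the "Possible SMTP RCPT flood" message format is an assumption to check against your own maillog, and the function names are hypothetical; the code only renders rules and never runs iptables.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines (not from the post). The message text is what
# sendmail is assumed to log when confBAD_RCPT_THROTTLE trips; adjust the regex
# to match your own maillog before relying on it.
SAMPLE_LOG = """\
Jan 12 10:01:02 mx sendmail[2101]: i0CA12ab002101: host1.example.net [192.0.2.10]: Possible SMTP RCPT flood, throttling.
Jan 12 10:01:09 mx sendmail[2102]: i0CA19ab002102: [198.51.100.7]: Possible SMTP RCPT flood, throttling.
Jan 12 10:02:30 mx sendmail[2110]: i0CA2Uab002110: host1.example.net [192.0.2.10]: Possible SMTP RCPT flood, throttling.
Jan 12 10:03:00 mx sendmail[2115]: i0CA30ab002115: from=<a@example.org>, size=1200, nrcpts=1, relay=mail.example.org [203.0.113.5]
Jan 12 10:04:11 mx sendmail[2120]: i0CA4Bab002120: host1.example.net [192.0.2.10]: Possible SMTP RCPT flood, throttling.
Jan 12 10:05:00 mx sendmail[2130]: i0CA50ab002130: odd.example.net [999.1.1.1]: Possible SMTP RCPT flood, throttling.
"""

# Take only the bracketed address; the hostname before it comes from DNS and is
# not trustworthy enough to put on a firewall command line.
FLOOD_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]: Possible SMTP RCPT flood")

def flooding_relays(log_text, threshold=3, allowlist=()):
    """Return relay IPs that tripped the bad-RCPT throttle >= threshold times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FLOOD_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        # Never block our own relays or customers' outbound hosts.
        if any(ip in ipaddress.ip_network(net) for net in allowlist):
            continue
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def iptables_rules(ips, chain="INPUT"):
    """Render (not execute) one SMTP-only DROP rule per validated IP."""
    return [f"iptables -I {chain} -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(flooding_relays(SAMPLE_LOG)):
        print(rule)
```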

