On 9/23/07, Darrin Chandler <[EMAIL PROTECTED]> wrote: > On Sun, Sep 23, 2007 at 03:33:03PM -0700, patrick keshishian wrote: > > At around 1:40 PM (PDT) my SMTP server started getting flooded > > by enormous amount of connections. The connections were for > > seemingly random "users" @my-domain-name. > > > > I'm running spamdb in greylist mode, but these servers were > > getting white-listed very quickly. > > > > $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE > > 717 > > I've seen something *very* similar. In my case the "user" portions > seemed random at first glance, but some were repeated a LOT. See if you > have that, too. If so, enter those "random" addresses as SPAMTRAP > entries. That way they're blocked for 24 hours, and will reblock > themselves if they persist.
They seemed pretty random to me, but I did a quick check after reading your response and I see 468 unique "fake" email address @my-domain, only one was duplicated twice. This was in the span of about 1 hour, from 13:38 to 14:31 Pacific time. After which I enabled filtering of SMTP port 'til I figure out what I am going to do. I can't imagine entering all those address as spamtraps. Another user suggested greytrapping in private email, which made me reread spamd(8) a couple of times, at least the 'GREYTRAPPING' section, which mentions /etc/mail/spamd.alloweddomains file. It doesn't specifically say one could use it to enter valid email address in that file, but a naive look at the source spamd/grey.c suggests it could work. I plan on giving this a try unless someone from the list advises against it. Is there anyway one could flush the GREY entries from spamdb? I had the problem where I would clear the WHITE entries that didn't belong, but the WHITE list would grow rapidly out of control again. I'm not sure if this is related or not, but I have noticed that a few times yesterday and once again tonight around 8PM PDT, spamd-setup failed on ftp with "connection time out". Thanks for all the replies. > I had also done a log tailer that added to a blacklist, but that turned > out not to be needed with the above. ymmv. > > -- > Darrin Chandler | Phoenix BSD User Group | MetaBUG > [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ > http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation > -- "How romantic. Two lovers' first kiss shared on the banks of the river Seine" -- LL as CK (ep.72 s04e06)
