Peter Henderson wrote:
> Hi folks
> I'm looking at the size of the address_error dir.
> Currently I see ~734000 files in that dir, since I emptied it about 3 months
> ago.
> From what I can see, most if not all of it is spam.
> Is that normal? Or have I got a borked james config?
> If that is normal, I am thinking about writing a mailet which automatically
> adds a firewall rule to drop connections from IP addresses which cause 2 or
> more address errors. Initially for 24h but later ramping up to longer
> periods. Any advice on this sort of mechanism to combat spam?

Unfortunately this probably won't work: spammers use botnets. The last
time I monitored one of my servers serving a bunch of domains (5?) I got
300000 mails from 280000 different IPs... Banning IPs was a lost cause
(at least in my scenario).

Dropping the connection as soon as possible is instead another thing. In
JAMES we called this "Fast fail". In JAMES 2.3.1 there are some hidden
experimental features to do that, but most of the work has been done in the
development version (trunk).

IIRC in 2.3.1 the most you can do is enable DNSRBL checks
(DNSRBLHandler) in the protocol so as to fail as soon as possible on dialup
IPs. This will increase your DNS traffic a lot.
Stefano
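
The ban rule from the question (2 address errors, then a 24h firewall drop) replayed over two constructed samples, as an added example that is not part of the original thread or of JAMES. The function names, the one-error-per-minute timing and the 192.0.2.x addresses are assumptions; the 30 mails over 28 IPs sample scales down the 300000 / 280000 ratio from the reply.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1)  # arbitrary start time for the constructed samples


def constructed_events(n_mails, n_ips):
    """Constructed sample: one address error per minute, round-robin over n_ips."""
    return [(T0 + timedelta(minutes=i), f"192.0.2.{i % n_ips + 1}")
            for i in range(n_mails)]


def replay_ban_policy(events, threshold=2, ban=timedelta(hours=24)):
    """Replay (timestamp, ip) address-error events in time order.

    An IP is firewalled for `ban` once it has caused `threshold` errors.
    Returns (total, blocked, distinct_ips, banned_ips).
    """
    errors = defaultdict(int)   # ip -> address errors counted so far
    banned_until = {}           # ip -> time the firewall rule expires
    blocked = 0
    for ts, ip in sorted(events):
        if ip in banned_until and ts < banned_until[ip]:
            blocked += 1        # dropped at the firewall, never reaches SMTP
            continue
        errors[ip] += 1
        if errors[ip] >= threshold:
            banned_until[ip] = ts + ban
            errors[ip] = 0      # counting restarts once the ban has expired
    distinct = len({ip for _, ip in events})
    return len(events), blocked, distinct, len(banned_until)


if __name__ == "__main__":
    samples = {
        "botnet-like (30 mails, 28 IPs)": constructed_events(30, 28),
        "single host (30 mails, 1 IP)": constructed_events(30, 1),
    }
    for label, events in samples.items():
        total, blocked, distinct, banned = replay_ban_policy(events)
        print(f"{label}: {blocked}/{total} blocked, "
              f"{banned}/{distinct} IPs banned")
```

In the botnet-like sample the two IPs that reach the threshold are banned only after their last message has already arrived, so nothing is blocked; the same rule blocks 28 of 30 messages when a single host sends them all.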