Tanner suggested that I bring the following message that I found in the Maia-Users mailing list to the attention of all of the Postfix users in the group, including the TriLUG sysadmins.
Brian
----- Forwarded message from Stephen Carter <[EMAIL PROTECTED]> -----

>>> "Ryan Delany" <[EMAIL PROTECTED]> 08/19/06 9:32 PM >>>
>Stephen,
>
>The reason the messages were getting retried over and over again was
>because the Maia box in this case was 450'ing the connections, and since
>the spam was coming from legit mail servers (not directly from the
>bot-infected machines), then according to RFC, the mail servers MUST
>attempt re-delivery for a specific number of times or for a specified time
>period. The important thing to note is that today's bot viruses are
>designed better than in years past as they rely on the legit mail server
>for the ISP that the owner of the infected PC uses, instead of trying to
>spread directly from a built-in SMTP server. I'm sure if you nslookup the
>IP addresses listed in the initial email, you will find the majority of
>them are legitimate mail servers behaving according to RFC as they are
>supposed to. I suspect the main reason for this behaviour is the increase
>in ISPs blocking port 25 (since it violates the TOS for at least every ISP
>in the US), which would render a bot dead in its tracks. If the bot uses
>the actual mail server for the ISP, it will be much more successful in
>spreading since port 25 won't be blocked, and the mail servers will handle
>the burden of re-sending as necessary.
>
>The reason I use the verification caching db is to remain persistent
>across restarts, as a couple of the domains I filter for get constant
>dictionary attacks. You are correct, postfix will maintain its own db in
>memory until you restart postfix, but then you have to start all over. So
>far in the last month, my verify db file has grown to about 48MB. I don't
>consider that a huge amount of disk space, considering I have 245GB free
>at the moment. Naturally, I keep an eye on the file and if it grows too
>big, I can easily turn it off. Not to mention there is also some
>self-cleaning that happens in the verify db, so I don't anticipate it
>growing much larger than 50MB.
>
>Ryan

All very healthy and valid discussion...

Regarding the verification database, I think for the sake of 50Mb - I agree that tens of Mb's aren't even worth worrying about in most cases - I might take a look at implementing that option as well. It's a small advantage for my site, but also a small enough change that I'll give it a shot anyway.

Stephen Carter
Retrac Networking Limited
www: http://www.retnet.co.uk
Ph: +44 (0)7870 218 693
Fax: +44 (0)870 7060 056
CNA, CNE 6, CNS, CCNA, MCSE 2003

_______________________________________________
Maia-users mailing list
[EMAIL PROTECTED]
http://www.renaissoft.com/mailman/listinfo/maia-users

----- End forwarded message -----
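The retry pattern described in the forwarded message can be checked in a mail log. The following is an added example, not part of the original thread: it groups 4xx RCPT rejects by client, sender and recipient to find queueing mail servers that keep re-sending the same deferred message. The log lines are constructed samples in Postfix's smtpd reject format, and the function names and the three-attempt threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Postfix smtpd log format (not taken from the thread).
SAMPLE_LOG = """\
Aug 19 20:00:01 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from mail.isp-a.example[192.0.2.10]: 450 4.1.1 <bob@example.org>: Recipient address rejected: unverified address; from=<x@isp-a.example> to=<bob@example.org> proto=ESMTP helo=<mail.isp-a.example>
Aug 19 20:02:11 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.1.1 <amy@example.org>: Recipient address rejected: unverified address; from=<y@bulk.example> to=<amy@example.org> proto=SMTP helo=<pc>
Aug 19 20:15:03 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from mail.isp-a.example[192.0.2.10]: 450 4.1.1 <bob@example.org>: Recipient address rejected: unverified address; from=<x@isp-a.example> to=<bob@example.org> proto=ESMTP helo=<mail.isp-a.example>
Aug 19 20:30:40 mx postfix/smtpd[104]: NOQUEUE: reject: RCPT from mail.isp-b.example[203.0.113.5]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown; from=<z@isp-b.example> to=<nobody@example.org> proto=ESMTP helo=<mail.isp-b.example>
Aug 19 20:45:07 mx postfix/smtpd[105]: NOQUEUE: reject: RCPT from mail.isp-a.example[192.0.2.10]: 450 4.1.1 <bob@example.org>: Recipient address rejected: unverified address; from=<x@isp-a.example> to=<bob@example.org> proto=ESMTP helo=<mail.isp-a.example>
Aug 19 21:45:02 mx postfix/smtpd[106]: NOQUEUE: reject: RCPT from mail.isp-a.example[192.0.2.10]: 450 4.1.1 <bob@example.org>: Recipient address rejected: unverified address; from=<x@isp-a.example> to=<bob@example.org> proto=ESMTP helo=<mail.isp-a.example>
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def deferred_retries(log_text, year=2006):
    """Map (client IP, sender, recipient) to the times it got a 4xx reject."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        # Only temporary failures (4xx) make a compliant MTA queue and retry;
        # 5xx rejects are permanent and are skipped here.
        if m and m["code"].startswith("4"):
            # Syslog timestamps carry no year, so the caller supplies one.
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            groups[(m["ip"], m["sender"], m["rcpt"])].append(when)
    return groups

def retrying_servers(log_text, min_attempts=3):
    """Return {(ip, sender, rcpt): (attempts, span_seconds)} for repeat senders.

    min_attempts is an assumed threshold: a client that comes back several
    times with the same envelope is behaving like a queueing mail server.
    """
    found = {}
    for key, times in deferred_retries(log_text).items():
        if len(times) >= min_attempts:
            span = int((max(times) - min(times)).total_seconds())
            found[key] = (len(times), span)
    return found

if __name__ == "__main__":
    for (ip, sender, rcpt), (n, span) in retrying_servers(SAMPLE_LOG).items():
        print(f"{ip} retried {sender} -> {rcpt} {n} times over {span}s")
```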
