Debbie D wrote:
> Last Mon, Tues & Wed I had severe inflow of spam, always at 12.30p EST, Wed
> it didn't stop till almost 5p. The server seems to not be very cooperative
> when the queue grows over 200 or so.
> ...
> this high amount of spam, (BTW scoring at 20-well over 1000) is killing the
> loads and I have screaming clients..

I don't know that you're alone in seeing this increased traffic. For
another domain I help manage, they were seeing a large influx of
connections. For the most part, sender verification and RBLs were
blocking them. But then they threw in a little twist... opening SMTP
sessions and letting them sit. Open enough of these and processes build
up (awaiting timeout) doing nothing and new connections fail -- a crude
but effective DOS.
In my case, I now have a job running there that frequently scans the
logs to check for messages resulting in these kinds of connections and
adds them to a block list. Not perfect, but it has proved very
effective. In this case, Courier is being used... so sender
verification, RBL, SPF, etc. checks happen directly in the SMTP daemon
even before spamassassin gets its hooks on the message. I don't know
what options exist for your stack, but it's well worth looking into to
help filter out significant noise. RBL checks alone can do wonders.
Bill
- Re: I'm getting killed with spammers Bill Taroli
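
Added example, not part of Bill's message and not his actual job: one way to build the kind of log scan he describes, flagging addresses that repeatedly open an SMTP session and let it time out without sending a command. The log line format, the `cmds=` field and the name `find_idle_holders` are assumptions constructed for this sketch; adapt the regex to what your SMTP daemon really logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (constructed for this example, not Courier's real output):
#   <ISO timestamp> smtpd: timeout,ip=[<addr>],cmds=<commands seen before timeout>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) smtpd: timeout,ip=\[(?P<ip>[0-9a-fA-F:.]+)\],cmds=(?P<cmds>\d+)$"
)

# Constructed sample input (documentation address ranges only).
SAMPLE_LOG = """\
2024-05-13T12:30:05 smtpd: timeout,ip=[203.0.113.7],cmds=0
2024-05-13T12:30:40 smtpd: timeout,ip=[203.0.113.7],cmds=0
2024-05-13T12:31:10 smtpd: timeout,ip=[198.51.100.20],cmds=3
2024-05-13T12:31:30 smtpd: timeout,ip=[203.0.113.7],cmds=0
2024-05-13T12:32:00 smtpd: accepted,ip=[198.51.100.20]
2024-05-13T12:45:00 smtpd: timeout,ip=[192.0.2.55],cmds=0
2024-05-13T13:20:00 smtpd: timeout,ip=[192.0.2.55],cmds=0
2024-05-13T13:55:00 smtpd: timeout,ip=[192.0.2.55],cmds=0
"""

def find_idle_holders(log_text, threshold=3, window=timedelta(minutes=5),
                      allowlist=frozenset()):
    """Return sorted IPs with >= threshold silent timeouts inside one window.

    Assumes log lines are in chronological order.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent silent timeouts
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["cmds"]) > 0:   # skip other events and slow-but-real clients
            continue
        ip, ts = m["ip"], datetime.fromisoformat(m["ts"])
        if ip in allowlist:               # never block known-good relays
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:         # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(flagged)

if __name__ == "__main__":
    for ip in find_idle_holders(SAMPLE_LOG):
        print(ip)   # feed these to whatever block list the MTA or firewall reads
```

The window matters: an address that times out silently once every half hour stays off the list, while one that does it three times in a couple of minutes is flagged.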