It's interesting you say that.... I don't give a response (most of the time they're not there to receive it anyway and it clogs up my server with undeliverable email - especially in BIG spam attacks). I have not experienced this with my servers at all. Last week, a friend of mine that owns a very large spam filtering/relay company got hit hard with this issue.
With all this, my graphs have not budged. I'm thinking it was deliberate. -----Original Message----- From: Jeff Chan [mailto:[EMAIL PROTECTED] Sent: Thursday, September 06, 2007 11:10 AM To: Rajkumar S Cc: users@spamassassin.apache.org Subject: Re: [OT] Seeing increase in smtp concurrency ? Quoting Rajkumar S <[EMAIL PROTECTED]>: > Hi, > > Does any one seeing increasing smtp concurrency for the past couple of > weeks? I run couple of (qmail/simscan/spamassassin) mail servers and > all experience the same problem. The spam does not increase, but this > is hogging my mail servers. Probably a new crop of spamming tools? > > I am attaching one qmail-mtrg graph that shows the problem. > > http://img403.imageshack.us/img403/2224/smtpmonthyq4.png > > raj > Some botnets are starting to hold mail connections open for much longer after getting a 5xxx blacklist response. Reason is unknown; could be coding errors or deliberate. Many people are changing their smtpd timeouts form the RFC 300 seconds down to 45 seconds: http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx Here's the postfix for it: ## to deal with botnets not hanging up # Drop default from RFC limit of 300s to 45s # smtpd_timeout = 45s Some people are even using 10 seconds, which seems short to me. The RFC requires 300 seconds. Jeff C.
