Need advice on new mailserver and spam

Alexander Dalloz ad+lists at uni-x.org
Mon Jun 6 15:35:15 UTC 2005 

Am Mo, den 06.06.2005 schrieb Bob Brennan um 17:22:

> I've been called in to solve some massive email problems in a company
> that has about 30 employees and an external mailserver. They receive
> on average about 100 legitimate emails per day and 3000+ spams plus
> the usual virus and worm attacks.
> 
> I am of course recommending FC with Sendmail, Procmail, SpamAssasin
> and ClamAV on an inhouse mailserver, all of which I've had experience
> and spectacular results with.

Me too.

> Their spam problem, IMHO, comes from the mailserver they currently use
> accepting all non-mailbox email into a postmaster at domain.com account
> which has a quota of 1000 emails, which then sends over-quota
> rejection notices to senders for all @domain.com incoming; effectively
> shutting down all incoming email. My theory is that the reject notices
> are taken as replies by spambots and encourages even more spam.
> Short-term measures include emptying postmaster@ every 10 minutes and
> filtering for valid mis-addressed emails, but even with that the
> volume of incoming spam seriously slows down the service.
> 
> My question is - long term - is it better to set up the mailserver to
> reject all non-mailbox emails to cut down on the incoming processing
> load; or to filter and bit-bucket the spam in the hopes that the
> volume will decrease over time with no responses to the spam? Or any
> other techniques any of you are using for such problems?
> 
> Thanks in advance for opinions/suggestions,
> bob

Nowadays it isn't wise to use a catch-all directing to the postmaster.
You are right that you should only accept mail to existing mail
addresses and reject non existing addresses as soon as possible in the
smtp stream. Legitimate senders will read the DSN mail they get when
they i.e. have misspelled a mail recipient address (you can customize
the rejection message Sendmail sends the sending MTA if you want to be
more clear to senders than "user unknown"). They can correct and resend.
Worms and trojans don't care. I am very sure you take much of the
pressure from the current mail server after you changed that basic
setup.

I too recommend to make use of the feature greet_pause which came with
Sendmail 8.13.x. Set it to 3000 (milliseconds) and observe the maillog.
You may whitelist some regular sending hosts which don't spam.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 17:27:18 up 13 days, 16:04, load average: 0.11, 0.11, 0.09 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050606/e3178a27/attachment-0001.sig>

More information about the fedora-list mailing list