[Cialug] damn spammers

Dave Weis djweis at internetsolver.com
Wed Nov 7 09:58:48 CST 2007


chris wrote:
> For added benefit, try watching the logs for the 550's or NOQUE and
> dropping in a firewall rule for the next couple of hours for the
> rejected sender to prevent any more garbage from them.  It gives the
> mail server a chance to catch its breath before all hell breaks loose
> again.
> 
> I used to block for a full week, but it was getting difficult to deal
> with the memory requirements needed for the millions of iptables rules. :)

Out of 2.5 million encounters with our mail server, there are 225,000 
unique IP addresses based on some processing with cut, sort, and uniq. 
I'm sure it would have been one line of Perl but I didn't want to wear 
out my punctuation keys. :-)

> Dave Weis wrote:
>> neal daringer wrote:
>>> Dave Weis wrote:
>>>> My little mail forwarding experiment is working well. I was going
>>>> through the logs and between Nov 4 at 6 AM and now it's dropped 2.4
>>>> million emails. There have been a whopping 117 legitimate emails
>>>> forwarded onward.
>>> What, pray tell, is this experiment? And how does it work?
>> I have a customer domain that has 3-4 addresses that get forwarded to
>> real people. Someone combined the domain with every possible left hand
>> side of an email address and has been hitting it with spam for a few
>> months. It finally got to the point that the real server was having
>> problems dealing with the load. I had asked for some help a few weeks
>> ago and have postfix tightened up to drop a lot of the junk. A large
>> part of the problem is that it was taking in email and sending an
>> asynchronous bounce instead of an immediate 550 and discarding the message.
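
The log-watching approach discussed in this thread, as an added example that is not part of the original messages: it pulls the client IPs out of Postfix `NOQUEUE: reject` lines that ended in a 550, counts them with sort and uniq, and prints commands for a temporary block. Assumptions: the log lines are constructed samples using documentation addresses, the set name `smtp_reject` and the threshold are made up, and using one ipset with per-entry timeouts instead of individual iptables rules is this example's choice, not something the posters describe.

```shell
#!/bin/sh
# Constructed sample lines in Postfix smtpd log format (documentation IPs only).
sample_log() {
cat <<'EOF'
Nov  7 09:12:01 mx1 postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Nov  7 09:12:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aaa@example.com>: Recipient address rejected: User unknown; from=<a@example.net> to=<aaa@example.com> proto=SMTP helo=<x>
Nov  7 09:12:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aab@example.com>: Recipient address rejected: User unknown; from=<a@example.net> to=<aab@example.com> proto=SMTP helo=<x>
Nov  7 09:12:03 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aac@example.com>: Recipient address rejected: User unknown; from=<a@example.net> to=<aac@example.com> proto=SMTP helo=<x>
Nov  7 09:13:40 mx1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown; from=<c@example.org> to=<bob@example.com> proto=ESMTP helo=<mail.example.org>
Nov  7 09:14:05 mx1 postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 <info@example.com>: Recipient address rejected: try again later; from=<d@example.net> to=<info@example.com> proto=ESMTP helo=<y>
EOF
}

# Read a mail log on stdin; print "count ip" for each client that got a
# permanent 550 reject, busiest first. Temporary 4xx rejects are ignored.
# Only IPv4 client addresses are matched.
reject_counts() {
    sed -n 's/.*NOQUEUE: reject: [A-Z]* from [^[]*\[\([0-9.]*\)\]: 550 .*/\1/p' |
    sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# $1 = minimum number of 550 rejects before an address is worth blocking.
block_candidates() {
    reject_counts | awk -v min="$1" '$1 >= min {print $2}'
}

# $1 = minimum rejects, $2 = block lifetime in seconds.
# Prints the commands instead of running them, so they can be reviewed first.
# Entries expire on their own, so the set does not grow without bound.
# One rule then covers the whole set, for example:
#   iptables -I INPUT -p tcp --dport 25 -m set --match-set smtp_reject src -j DROP
emit_block_commands() {
    echo "ipset create smtp_reject hash:ip timeout $2 -exist"
    block_candidates "$1" | while read -r ip; do
        echo "ipset add smtp_reject $ip timeout $2 -exist"
    done
}

# Demo: addresses with at least 2 rejects, blocked for two hours.
sample_log | emit_block_commands 2 7200
```

A single legitimate server that mistypes one recipient also produces a 550, which is why the example applies a threshold before blocking.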


