flooded by spam

Steve Thomas lists at STHOMAS.NET
Tue Mar 4 18:34:55 GMT 2003


On Tue, Mar 04, 2003 at 07:53:55PM +0200, Radu IONESCU is rumored to have said:
>
> Daily, thousands of bounced messages are hitting our gateway. It accepts them,
> scans them, then sends them internally (mailertables) to our domain server
> which in turn refuses them. The gateway root mailbox is flooded with
> postmaster notifies and returned messages sent also back to the Internet,
> etc.

I'm switching over from sendmail to exim here at our office for this exact reason, except our problem is with dictionary style spam attacks, not joe-jobbing. I only have MailScanner integration and mbox-maildir conversion left before making the switch.

Our user database is kept in an LDAP directory, which sendmail doesn't play very nicely with. Exim works quite well with LDAP, and also has the capability to reject mail for non-local users at RCPT TO: time based on the results of an LDAP lookup. Very slick.

To help subvert the problem, a while back I set up another machine to act as our primary MX. It just accepts mail and forwards it on to the secondary MX, which is actually our primary mail server. The way it forwards is via the aliases file. Every 15 minutes, a Perl script queries the LDAP directory and gets a list of valid usernames. It adds the hostname of the primary mail server to the domain (user at example.com becomes user at host.example.com), reads a list of addresses which don't exist in the LDAP dir, then writes the whole thing to /etc/aliases and rebuilds. It's kind of kludgy, but it keeps my mailbox from being inundated with bounces, and keeps the queue dir from overflowing.

Spammers, however, have been getting smarter (the only direction they could go). They're starting to use secondary MXs for their dictionary attacks, which subverts the entire system I had put in place - hence the switch to exim.

If you can, take a look at exim to replace sendmail. It supports LDAP, SQL, dbm files, flat files, etc... I've only been playing with it for about a week, but so far I like what I see. It makes me realize that while sendmail is still very good at what it does, the list of things it doesn't do (or doesn't do well) is growing...

St-
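
An added example, not part of the original post and not the poster's Perl script: a Python sketch of the aliases-generation step described above, with the LDAP query replaced by a constructed list so it runs offline. All function and constant names are hypothetical, and it assumes the "addresses which don't exist in the LDAP dir" are extra valid addresses kept in a separate list.

```python
import os
import re
import tempfile

# Hypothetical names throughout; the LDAP query itself is left out so this runs offline.
RELAY_HOST = "host.example.com"  # internal mail server, as in the post's example
SAFE_LOCAL_PART = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")
# Constructed sample data standing in for the LDAP result and the extra-address list.
SAMPLE_LDAP_USERS = ["alice", "Bob ", "|/bin/sh", ":include:/etc/passwd"]
SAMPLE_EXTRA_USERS = ["postmaster"]


def build_aliases(ldap_users, extra_users=(), relay_host=RELAY_HOST, min_users=1):
    """Return (aliases_text, rejected_names) mapping user -> user@relay_host.

    Names are strictly validated so directory data cannot introduce
    aliases-file syntax such as '|program', '/file' or ':include:'.
    """
    accepted, rejected = set(), []
    for name in list(ldap_users) + list(extra_users):
        candidate = name.strip().lower()
        if SAFE_LOCAL_PART.fullmatch(candidate):
            accepted.add(candidate)
        else:
            rejected.append(name)
    # An empty or tiny result usually means the directory query failed;
    # publishing it would leave the gateway with no valid recipients.
    if len(accepted) < min_users:
        raise ValueError("too few valid users; keeping the existing aliases file")
    lines = [f"{user}: {user}@{relay_host}" for user in sorted(accepted)]
    return "\n".join(lines) + "\n", rejected


def write_atomically(path, text):
    """Write to a temp file in the target directory, then rename it into place."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".aliases.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    text, rejected = build_aliases(SAMPLE_LDAP_USERS, SAMPLE_EXTRA_USERS)
    print(text, end="")
    print("rejected:", rejected)
```

The rename keeps the alias rebuild from ever reading a half-written file, and the rejected list is worth logging, since odd entries in the directory are a signal in their own right.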


