flooded by spam

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Tue Mar 4 19:11:53 GMT 2003


On Tue 04/03/2003 at 13:34, Steve Thomas wrote:
> Our user database is kept in an LDAP directory, which sendmail doesn't play very nicely with. Exim works quite well with LDAP, and also has the capability to reject mail for non-local users at RCPT TO: time based on the results of an LDAP lookup. Very slick.

We're using sendmail sendmail-8.11.6-23.73 (on Red Hat 7.3) with LDAP
and it works very well.

> To help subvert the problem, a while back I set up another machine to act as our primary MX. It just accepts mail and forwards it on to the secondary MX, which is actually our primary mail server. The way it forwards is via the aliases file. Every 15 minutes, a perl script queries the LDAP directory and gets a list of valid usernames. It adds the hostname of the primary mail server to the domain (user at example.com becomes user at host.example.com), reads a list of addresses which don't exist in the LDAP dir, then writes the whole thing to /etc/aliases and rebuilds. It's kind of kludgy, but it keeps my mailbox from being inundated with bounces, and keeps the queue dir from overflowing.
> 
> Spammers, however, have been getting smarter (the only direction they could go). They're starting to use secondary MXs for their dictionary attacks, which subverts the entire system I had put in place - hence the switch to exim.

If you are running on Linux, you could quite easily (with iptables
or ipchains) make your secondary MX accept incoming mail only from your
primary MX, thus forcing everyone to talk directly with your border
systems.

Denis
-- 
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
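
The restriction suggested in the message above, as an added example that is not part of the original post: a shell function that prints (without applying) iptables rules so that the secondary MX accepts SMTP only from the primary MX. The chain name, function names and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate iptables rules for the secondary MX so that only
# the primary MX (the border system) may connect to port 25.
# Rules are printed for review, not applied.

# is_ipv4 ADDR -> exit 0 if ADDR is a dotted quad with octets 0-255
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's own arguments
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smtp_allowlist_rules CHAIN ADDR... -> rules on stdout, status 2 on bad input
smtp_allowlist_rules() {
    chain=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one primary MX address" >&2; return 2; }
    # Validate everything first so a typo never yields a partial rule set.
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 2; }
    done
    # Keep local submission over loopback working on the mail server itself.
    echo "iptables -A $chain -i lo -p tcp --dport 25 -j ACCEPT"
    # ACCEPT rules come before the catch-all: a chain is read top to bottom.
    for addr in "$@"; do
        echo "iptables -A $chain -p tcp -s $addr --dport 25 -j ACCEPT"
    done
    # Any other host gets a TCP reset, so legitimate senders fail fast and
    # retry against the primary MX instead of waiting on a timeout.
    echo "iptables -A $chain -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
}

# Constructed sample: a single primary MX at 192.0.2.10
smtp_allowlist_rules INPUT 192.0.2.10
```

Review the printed rules before running them as root, and list every primary MX address, since a host left off the list is refused along with everyone else.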
