Some really newbie quesitons.

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Jun 2 14:32:41 IST 2004


Paul

I feel for ya..

here's how I do it...

1) I only allow email for 'known' accounts into my MailScanner box (rest 
is rejected by the MTA - user unknown) - that's 2/3s of my email traffic!
2) I don't bounce anything else from anywhere - all 'modern' viruses and 
spam forge the from info so it's totally useless bouncing later that at 
the MTA insertion point (1).
3) I then run SA etc from with MS. I've got quite a few extra rules etc 
that I've downloaded/ tuned over the last 6 months. Anything with a SA 
score of 10 or more is not delivered. this traps over 70% of the 
remaining email.
4) anything with a score from 5 to 10 us delivered but tagged with 
{Spam?} in the subject. another 2% is caught here.

5) the users stop getting 1-200 messages a day of spam...yay

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Paul Rantin wrote:
> Hi All
> 
> Many thanks for all your inputs, like I said I’m a newbie to all of this.
> I’ve just started to mess about with mail servers. I’m one guy, one domain
> who all of a sudden is getting hammered by one of the big three US
> spammers, I get more that 700 emails a day of spam. They are using a
> blanket attack, i.e. *randomname*@mydomian.com and it gets very tiring
> trying to sort it out. That is why I have installed SpamAssasin and
> MailScanner. As Kevin emailed I am using a mail forwarded system from my
> hosting service and because of the way I have my mail system setup I use
> the catch all option which redirects to a mail account. Now with this
> amount of spam I have having to setup filers for all the mail addresses
> that I use.
> All of this is extra work for me and I am very angry that I have to do
> this. When I see other replies stating that I should just delete it my
> instant response is why should I if I am getting spammed why should I not
> bounce it back? Yes I know that the mail header is forged but I feel
> totally useless that someone is attacking my system and there’s not a lot I
> can do about it. I thought some of it would maybe get back and if they seen
> that it was getting bounced it might get them to stop, again I know this
> more often than not the case but I have had a hacked attempt on the spam
> trap email account I had setup to process the incoming mails, so some do
> monitor what they get bounced back.
> 
> As always I’m open to suggestions on how I can tackle this.
> 
> Thanks again
> 
> Paul
> 
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
> 

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html




More information about the MailScanner mailing list