Help! ....We are taking 120k msgs per day and climbing

Rick Cooper rcooper at DWFORD.COM
Wed Jun 16 18:58:57 IST 2004


You don't say what you are doing to filter obviously bad sessions out at the
MTA level. Do some cursory RBL checks, look for bad HELOs (your IP literal
as HELO name, foreign host using your host name(s)). Also, if you are getting
a lot of viruses, check your log and see if there are not a lot of non-FQDN
HELOs coming and drop those (assuming sendmail can be configured that way).
I have noticed a few of the newer malware have taken to faking FQDNs like
BOBSPC.org, but most of them still send the Windows machine name unqualified.
Are you getting hit by a relatively few hosts that can be firewalled from
port 25 connections? At least some basic security at the MTA level? You may
find you can drop a lot of the garbage inexpensively this way rather than
having MS/SA handle all the security, which is a pretty expensive solution
at best.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Michael Emdy
Sent: Wednesday, June 16, 2004 12:07 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Help! ....We are taking 120k msgs per day and climbing


We're having excessively high loads (see below, let me know if anyone wants
to see something else) even though we have implemented MailScanner now
using the XBL+SBL, and using whitelist/blacklists our volume continues to
grow. We need to take action to stop the flood of mail; we're getting hit
by every trick in the book it seems but we can only do so much. The
MailScanner gateway has offloaded and provided protection to our internal MS
Exchange system but at this rate it won't last long either.

Any suggestions would be greatly appreciated to help us optimize the
MailScanner gateway or actions we could take to help cut down our volume.

Some questions we have are: should we reject or discard mail at the Sendmail
level or take other actions to bounce mail?


It appears that there are a lot of processes in the queue that are fighting
for CPU time, not sure what this is caused by, perhaps it's a lot of open
connections waiting for input.

Below I've included detailed info in a text file (to avoid wasting
bandwidth) to paint a picture of our system and maybe you can see a problem
that I don't.

http://www.ewebtricity.net/email-stats.txt

thanks for your help in advance

MTE




--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
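
Added example, not part of the original posts and not sendmail or MailScanner configuration: a Python sketch of the three HELO checks suggested in the reply above (own IP literal as HELO, foreign host using your host name, non-FQDN HELO), run over constructed sessions. The local IP, the host names and every session are constructed assumptions using documentation ranges.

```python
import ipaddress

# Constructed identity for this MTA (assumption): documentation-range values.
LOCAL_IPS = {ipaddress.ip_address("192.0.2.25")}
LOCAL_NAMES = {"mail.example.com", "example.com"}

def helo_literal(helo):
    """Return the address in a HELO such as [192.0.2.25] or 192.0.2.25, else None."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_helo(client_ip, helo):
    """Return (verdict, reason) for one SMTP session, before any content scanning."""
    client = ipaddress.ip_address(client_ip)
    is_local = client in LOCAL_IPS or client.is_loopback
    addr = helo_literal(helo)
    if addr is not None:
        if addr in LOCAL_IPS and not is_local:
            return ("reject", "our own IP literal as HELO")
        return ("accept", "address literal")
    name = helo.strip().rstrip(".").lower()
    if name in LOCAL_NAMES and not is_local:
        return ("reject", "foreign host using our host name")
    labels = name.split(".")
    if len(labels) < 2 or not all(labels):
        return ("reject", "HELO is not fully qualified")
    return ("accept", "looks like an FQDN")

# Constructed sessions: (connecting IP, HELO argument).
SESSIONS = [
    ("203.0.113.7", "[192.0.2.25]"),
    ("198.51.100.9", "mail.example.com"),
    ("198.51.100.23", "BOBSPC"),
    ("198.51.100.24", "BOBSPC.org"),   # faked FQDN: passes this check
    ("203.0.113.80", "mx1.example.net"),
    ("192.0.2.25", "mail.example.com"),
]

if __name__ == "__main__":
    for ip, helo in SESSIONS:
        verdict, reason = check_helo(ip, helo)
        print(f"{ip:15} HELO {helo:20} {verdict:7} {reason}")
```

The BOBSPC.org session is accepted, which matches the caveat in the reply that a faked FQDN gets past the unqualified-name check.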
