Stop inbound

Dennis Willson taz at TAZ-MANIA.COM
Thu Apr 21 11:53:50 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

How about setting up IPTABLES and then blocking port 25 inbound on the
mail server itself? When you want to block mail just start IPTables and
when you want to receive mail just stop IPTables.

Just a thought...

Steve Campbell wrote:

 AP,

If you're concerned about an idle gateway, and these are your DNS MX boxes,
I think (?) you can set up your MX records to be equal priority with a short
TTL, thus creating a round-robin DNS.

Of course, this won't help if this attack is rapid and short lived, but it
may delegate some of the mail to the secondary alleviating some of the
primary load.

I could be wrong here. Please let the list correct me if so.

Steve Campbell
campbell at cnpapers.com
Charleston Newspapers




----- Original Message -----
From: "AP" <pearsoa at SUNBEAM.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, April 21, 2005 10:52 AM
Subject: Stop inbound


  

 Hey Guys,

Is there a way that I can shutdown the reception of mail to the inbound
queue while still allowing MailScanner to process what's currently in the
inbound queue and still allow the delivery of mail in the post-processing
queue?

I know that I could turn off port 25 on the Firewall to the specific mail
gateway but I would like to do this on the Mail Gateway itself.

Here's my reason.  We sometimes early in the mornings (3-4am) get directed
SPAM attacks that loads up our primary mail gateway.  Our inbound queues
can get quite large and the primary mail gateway will continue receiving
the mail without regard to how large the inbound queue is getting.  We can
sometimes get 3000-5000 messages in the inbound queue while our secondary
mail gateway is practically idle.

I was thinking that I could write a mailqin monitoring script that would
poll the queue every 5 minutes and if it has reached some kind of
threshold, say 500-1000 messages, it would then stop the receiving of
inbound mail until MailScanner had processed the queue down to some
minimum, say 100 messages, before it would start back the receiving of
mail.  That way the secondary mail gateway would start taking on some of
the load and we could avoid some of the message delays that we get because
of the backlog.

Our primary and secondary mail gateways are fairly heavy duty boxes,
    

 Server
  

 class with dual hyper-threaded processors and lots of memory so it is not
that the boxes are underpowered it's just that the secondary box is being
under utilized.

Any thoughts or suggestions would be welcome.  If there is a better way to
handle this I would be interested to know.

Thanks,

AP

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
    

 ------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
  


--

________________________________________________________________________________
[IMAGE]Dennis Willson
taz at taz-mania.com
taz at scubatech.org

www.taz-mania.com

Ham: KA6LSW
GMRS: WPSJ953
SCUBA: Rescue, Wreck, Night, EANx, Nitrox Blender, UW Photographer,
Equip, Altitude

Life should not be a journey to the grave with the intention of arriving
safely in a nice looking and well preserved body, but rather to skid in
broadside, thoroughly used up, totally worn out, and loudly proclaiming,
"WOW! WHAT A RIDE!"

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

    [ Part 2.2, Image/GIF  866bytes. ]
    [ Unable to print this part. ]

More information about the MailScanner mailing list