Getting pounded .. sigh
Julian Field
MailScanner at ecs.soton.ac.uk
Tue May 23 18:04:37 IST 2006
I thoroughly recommend milter-ahead, it is very useful indeed, and
remarkably efficient and well thought out.
Rob Poe wrote:
> I run a secondary MX for one customer, which gets the poo hit out of it
> (only 1 or so make it through, though) but the more important thing I do
> is spam/virus check mail that gets forwarded to customer email systems
> (i.e. Groupwise). If they change / add / delete a user, I have to find
> some way to forward check (yes, I know about milter-ahead, and I still
> have not decided to use or not use it yet, and I'm not switching to
> postfix) to see if it's valid. I do reject non-valid addresses to local
> domains.
>
>
>
>
>>>> martinh at solid-state-logic.com 5/23/2006 3:09:36 AM >>>
>>>>
> Rob
>
> I trick I use is to drop all email to non-valid emails addresses on
> the
> incoming MTA. I drop well over 66% of my email traffic that way and
> reduces
> the chances of having to add another ISP into ip-tables (or whatever).
>
> Of course some people don't do this as they thing the spammers will be
> able
> to find valid addresses as a result. Of course my MS/SA setup is
> pretty
> tight and I don't have to worry about that ;-)
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>>
> [mailto:mailscanner-
>
>> bounces at lists.mailscanner.info] On Behalf Of Rob Poe
>> Sent: 22 May 2006 17:57
>> To: MailScanner discussion
>> Subject: Getting pounded .. sigh
>>
>> My mail server is getting POUNDED from
>> 193.252.22.157
>> 193.252.22.158
>>
>> Which is smtp1.wanadoo.co.uk and smtp2.wanadoo.co.uk
>>
>> I blacklisted the whole 193.252.22.x
>>
>> They're targeting my list server, and SpamAssassin is grabbing them
>> (along with the fact that the list server is membership only!!)
>>
>> but I'm getting one every 5-10 seconds!!
>>
>> grep 193.252.22 /var/log/maillog | wc
>> 1863 62955 710320
>>
>> May 22 11:49:02 mail sendmail[30768]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
>>
> relay=smtp2.wanadoo.co.uk
>
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:07 mail sendmail[30769]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
>>
> relay=smtp2.wanadoo.co.uk
>
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:13 mail sendmail[30770]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
>>
> relay=smtp2.wanadoo.co.uk
>
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:27 mail sendmail[30774]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
>>
> relay=smtp2.wanadoo.co.uk
>
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:29 mail sendmail[30775]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
>>
> relay=smtp2.wanadoo.co.uk
>
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>> May 22 11:49:41 mail sendmail[30777]: ruleset=check_relay,
>> arg1=smtp2.wanadoo.co.uk, arg2=193.252.22.157,
>>
> relay=smtp2.wanadoo.co.uk
>
>> [193.252.22.157], reject=583 5.0.0 Get lost..
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be
> clean.
>
> **********************************************************************
>
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
More information about the MailScanner
mailing list