Heavy increase in spam influx this week?

Matt Kettler mkettler at evi-inc.com
Thu Aug 30 21:48:46 IST 2007


Matt Hayes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Kai Schaetzl wrote:
>> I notice that the "spammy" connects have at least doubled for the last 
>> three days or so, on some servers they may even be five or tenfold of the 
>> normal traffic. Do you see the same?
>>
>> Kai
>>
> 
> I think a lot of us have seen the same thing.  I know here at work and
> on my own personal hosted box things have gone crazy the past week and a
> half or so.  New virus/spam out I believe.

My guess is this is the botnet resulting from the storm worm variants going into 
action.

I've been noticing a lot of activity too. For the first time ever my sendmail 
actually hit my confMAX_DAEMON_CHILDREN limit.

A lot of them seem to be "hanging around" in the command read state, so I added 
a confTO_COMMAND limit of 10 minutes (default is 1 hour). Yes, I know you have 
to be careful shortening this, but 10 minutes between SMTP commands is still 
pretty reasonable, and hopefully will help my server shed these dead connections.





More information about the MailScanner mailing list