Heavy increase in spam influx this week?

[Matt Kettler]

Matt Hayes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Kai Schaetzl wrote:
>> I notice that the "spammy" connects have at least doubled for the last 
>> three days or so, on some servers they may even be five or tenfold of the 
>> normal traffic. Do you see the same?
>>
>> Kai
>>
> 
> I think a lot of us have seen the same thing.  I know here at work and
> on my own personal hosted box things have gone crazy the past week and a
> half or so.  New virus/spam out I believe.

My guess is this is the botnet resulting from the storm worm variants going into 
action.

I've been noticing a lot of activity too. For the first time ever my sendmail 
actually hit my confMAX_DAEMON_CHILDREN limit.

A lot of them seem to be "hanging around" in the command read state, so I added 
a confTO_COMMAND limit of 10 minutes (default is 1 hour). Yes, I know you have 
to be careful shortening this, but 10 minutes between SMTP commands is still 
pretty reasonable, and hopefully will help my server shed these dead connections.