cut off by spamhaus free use?

Jeff A. Earickson jaearick at colby.edu
Mon Dec 3 15:30:50 GMT 2007 

On Mon, 3 Dec 2007, Matt Hayes wrote:

> Date: Mon, 03 Dec 2007 10:04:27 -0500
> From: Matt Hayes <mailscanner at slackadelic.com>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: cut off by spamhaus free use?
> 
> Jeff A. Earickson wrote:
>> On Mon, 3 Dec 2007, Jeff Mills wrote:
>>
>>> Date: Mon, 3 Dec 2007 14:22:00 +1100
>>> From: Jeff Mills <Jeff.Mills at versacold.com.au>
>>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>> Subject: RE: cut off by spamhaus free use?
>>>
>>>
>>>>>
>>>>> Yes it happened to one of my installs. Unfortunately, somebody had
>>>>> used their domain name in a spam attack, so the server got
>>>> thousands
>>>>> of extra inbound emails. It was enough for spamhaus to
>>>> block the servers.
>>>>>
>>>> And it appears that it is an automated process to be blocked,
>>>> but only a manual unblock.
>>>
>>>
>>> Yes!
>>> One of the things I have done in my servers is move the spamhaus list to
>>> the bottom of my list of RBL's.
>>> That way, spamhaus is only queried when none of the others match. I find
>>> that spamcop gets more than the others.
>>
>> I've had false positive problems with spamcop in the past.  I put
>> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok.
>>
>> I had contact with a human at spamhaus, but they aren't very forthcoming
>> as to why I got cut off.  It would be nice if they had sent
>> postmaster at colby.edu
>> a warning, maybe with some numbers attached.
>>
>> Jeff Earickson
>> Colby College
>
> What indications did you all receive that you had been "cut off" other
> than timeouts to their servers?  Any other tell-tale signs?

The fact that ALL of my inbound email from the Internet was getting
tempfailed (400 "try again later" to the sending email servers) for
nearly 12 hours.  The fact that my system's sar output showed 2% usage
instead of its normal 20 to 40% range.  After 12 hours of tempfails,
I had a tsunami of inbound email for a while once I got the problem
fixed.

Jeff Earickson
Colby College

More information about the MailScanner mailing list