cut off by spamhaus free use?

DAve dave.list at pixelhammer.com
Mon Dec 3 19:56:23 GMT 2007


Jeff A. Earickson wrote:
> On Mon, 3 Dec 2007, Matt Hayes wrote:
> 
>> Date: Mon, 03 Dec 2007 10:04:27 -0500
>> From: Matt Hayes <mailscanner at slackadelic.com>
>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>> Subject: Re: cut off by spamhaus free use?
>>
>> Jeff A. Earickson wrote:
>>> On Mon, 3 Dec 2007, Jeff Mills wrote:
>>>
>>>> Date: Mon, 3 Dec 2007 14:22:00 +1100
>>>> From: Jeff Mills <Jeff.Mills at versacold.com.au>
>>>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>>> Subject: RE: cut off by spamhaus free use?
>>>>
>>>>
>>>>>>
>>>>>> Yes it happened to one of my installs. Unfortunately, somebody had
>>>>>> used their domain name in a spam attack, so the server got thousands
>>>>>> of extra inbound emails. It was enough for spamhaus to block the
>>>>>> servers.
>>>>>>
>>>>> And it appears that it is an automated process to be blocked,
>>>>> but only a manual unblock.
>>>>
>>>>
>>>> Yes!
>>>> One of the things I have done in my servers is move the spamhaus list
>>>> to the bottom of my list of RBLs.
>>>> That way, spamhaus is only queried when none of the others match. I find
>>>> that spamcop gets more than the others.
>>>
>>> I've had false positive problems with spamcop in the past.  I put
>>> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok.
>>>
>>> I had contact with a human at spamhaus, but they aren't very forthcoming
>>> as to why I got cut off.  It would be nice if they had sent
>>> postmaster at colby.edu a warning, maybe with some numbers attached.
>>>
>>> Jeff Earickson
>>> Colby College
>>
>> What indications did you all receive that you had been "cut off" other
>> than timeouts to their servers?  Any other tell-tale signs?
> 
> The fact that ALL of my inbound email from the Internet was getting
> tempfailed (400 "try again later" to the sending email servers) for
> nearly 12 hours.  The fact that my system's sar output showed 2% usage
> instead of its normal 20 to 40% range.  After 12 hours of tempfails,
> I had a tsunami of inbound email for a while once I got the problem
> fixed.
> 
> Jeff Earickson
> Colby College

Do you cache all your responses? Running a simple DNS cache on your mail
server will greatly reduce your load on RBLs and speed up queries.

DAve

-- 
I've been asking Google for a Veteran's Day logo since 2000,
maybe 1999. I was told they finally did a Veteran's Day logo,
but none of the links I was given return anything but a
normal Google logo.

Sad, very sad. Maybe the Chinese Government didn't like it?
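
An added example, not part of the original thread: a sketch of the two mitigations discussed above, caching DNSBL answers and querying the rate-limited list last, plus treating resolver failures as "not listed" so that an unreachable list does not stall inbound mail. The zone order, the fixed `CACHE_TTL`, and the names `CachedDnsbl` and `system_resolve` are assumptions of this sketch; in production the caching would normally be done by a local caching resolver rather than in-process.

```python
import socket
import time

# Illustrative zone order: the list with a free-use query limit is asked last.
ZONES = ["bl.spamcop.net", "dnsbl.sorbs.net", "zen.spamhaus.org"]
CACHE_TTL = 300  # seconds; assumed fixed lifetime, a real DNS cache honours record TTLs


def system_resolve(name):
    """Return the A record, None for NXDOMAIN; raise OSError on other failures."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise


class CachedDnsbl:
    def __init__(self, zones=ZONES, resolve=system_resolve, clock=time.monotonic):
        self.zones, self.resolve, self.clock = list(zones), resolve, clock
        self.cache = {}  # query name -> (expiry, verdict)
        self.sent = 0    # queries that actually left this process

    def _lookup(self, name):
        hit = self.cache.get(name)
        if hit and hit[0] > self.clock():
            return hit[1]
        self.sent += 1
        try:
            answer = self.resolve(name)
        except OSError:
            return "error"  # timeout or SERVFAIL: not cached, not a listing
        if answer is None:
            verdict = "clean"
        elif answer.startswith("127.") and not answer.startswith("127.255.255."):
            verdict = "listed"
        else:
            verdict = "error"  # e.g. Spamhaus 127.255.255.x "query refused" codes
        self.cache[name] = (self.clock() + CACHE_TTL, verdict)
        return verdict

    def check(self, ip):
        """Return the first zone listing this IPv4 address, or None (fail open)."""
        rev = ".".join(reversed(ip.split(".")))
        for zone in self.zones:
            if self._lookup(f"{rev}.{zone}") == "listed":
                return zone
        return None
```

The `sent` counter shows how many lookups reach the lists: a repeat check of the same address costs none until the cached entries expire.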
