cut off by spamhaus free use?

Jeff A. Earickson jaearick at colby.edu
Mon Dec 3 20:14:01 GMT 2007


On Mon, 3 Dec 2007, DAve wrote:

> Date: Mon, 03 Dec 2007 14:56:23 -0500
> From: DAve <dave.list at pixelhammer.com>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: cut off by spamhaus free use?
> 
> Jeff A. Earickson wrote:
>> On Mon, 3 Dec 2007, Matt Hayes wrote:
>>
>>> Date: Mon, 03 Dec 2007 10:04:27 -0500
>>> From: Matt Hayes <mailscanner at slackadelic.com>
>>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>> Subject: Re: cut off by spamhaus free use?
>>>
>>> Jeff A. Earickson wrote:
>>>> On Mon, 3 Dec 2007, Jeff Mills wrote:
>>>>
>>>>> Date: Mon, 3 Dec 2007 14:22:00 +1100
>>>>> From: Jeff Mills <Jeff.Mills at versacold.com.au>
>>>>> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>>>> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
>>>>> Subject: RE: cut off by spamhaus free use?
>>>>>
>>>>>
>>>>>>>
>>>>>>> Yes it happened to one of my installs. Unfortunately, somebody had
>>>>>>> used their domain name in a spam attack, so the server got thousands
>>>>>>> of extra inbound emails. It was enough for spamhaus to block the
>>>>>>> servers.
>>>>>>>
>>>>>> And it appears that it is an automated process to be blocked,
>>>>>> but only a manual unblock.
>>>>>
>>>>>
>>>>> Yes!
>>>>> One of the things I have done in my servers is move the spamhaus list
>>>>> to the bottom of my list of RBLs.
>>>>> That way, spamhaus is only queried when none of the others match. I find
>>>>> that spamcop gets more than the others.
>>>>
>>>> I've had false positive problems with spamcop in the past.  I put
>>>> dnsbl.sorbs.net into action in sendmail this morning, appears to be ok.
>>>>
>>>> I had contact with a human at spamhaus, but they aren't very forthcoming
>>>> as to why I got cut off.  It would be nice if they had sent
>>>> postmaster at colby.edu a warning, maybe with some numbers attached.
>>>>
>>>> Jeff Earickson
>>>> Colby College
>>>
>>> What indications did you all receive that you had been "cut off" other
>>> than timeouts to their servers?  Any other tell-tale signs?
>>
>> The fact that ALL of my inbound email from the Internet was getting
>> tempfailed (400 "try again later" to the sending email servers) for
>> nearly 12 hours.  The fact that my system's sar output showed 2% usage
>> instead of its normal 20 to 40% range.  After 12 hours of tempfails,
>> I had a tsunami of inbound email for a while once I got the problem
>> fixed.
>>
>> Jeff Earickson
>> Colby College
>
> Do you cache all your responses? Running a simple DNS cache on your mail
> server will greatly reduce your load on RBLs and speed up queries.

Oh yes.  I run a bind on the box as a stealth secondary, with /etc/resolv
pointing to the box as the first place to look for DNS.

Jeff Earickson
Colby College
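
Added example, not part of the original thread and not MailScanner or sendmail code: a sketch of the two measures discussed above (querying the spamhaus zone last, and caching answers), plus keeping a failed lookup distinct from a listing. DnsblChecker, stub_resolve and the sample addresses are hypothetical, and the resolver is a stub so the block runs offline.

```python
# Added illustration: DnsblChecker, stub_resolve and the sample data are hypothetical.
import time

class LookupFailed(Exception):
    """Timeout, SERVFAIL or REFUSED: no answer at all, which is not 'unlisted'."""

def dnsbl_name(ip, zone):
    # DNSBL convention: reverse the IPv4 octets and append the list's zone.
    return ".".join(reversed(ip.split("."))) + "." + zone

class DnsblChecker:
    def __init__(self, zones, resolve, ttl=300, clock=time.monotonic):
        self.zones = zones      # ordered; the list to spare goes last
        self.resolve = resolve  # callable(name) -> A records, [] for NXDOMAIN
        self.ttl, self.clock = ttl, clock
        self.cache = {}         # name -> (expiry, answers)
        self.queries = {z: 0 for z in zones}

    def _lookup(self, ip, zone):
        name = dnsbl_name(ip, zone)
        hit = self.cache.get(name)
        if hit and hit[0] > self.clock():
            return hit[1]                    # served locally, no query sent
        self.queries[zone] += 1
        answers = self.resolve(name)         # may raise LookupFailed
        self.cache[name] = (self.clock() + self.ttl, answers)
        return answers

    def check(self, ip):
        """Return ('listed', zone), ('clean', None) or ('unknown', None)."""
        failed = False
        for zone in self.zones:
            try:
                if self._lookup(ip, zone):
                    return ("listed", zone)  # first match wins; later zones untouched
            except LookupFailed:
                failed = True                # record it and try the next zone
        return ("unknown" if failed else "clean", None)

# Constructed sample data: documentation addresses and a stub resolver.
ZONES = ["bl.spamcop.net", "dnsbl.sorbs.net", "zen.spamhaus.org"]
LISTED = {dnsbl_name("192.0.2.10", "bl.spamcop.net"): ["127.0.0.2"]}

def stub_resolve(name):
    if name.endswith(".zen.spamhaus.org"):
        raise LookupFailed(name)             # simulates queries that time out
    return LISTED.get(name, [])
```

A caller that accepts mail on 'unknown' instead of tempfailing keeps delivering when one list stops answering; failed lookups are deliberately not cached.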

