please help .. we are under fire !
steve.freegard at fsl.com
Thu May 22 12:22:09 IST 2008
Petr Zeman wrote:
> we using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway
> for aprox. 100 local users. Normally we have 3 000 e-mails daily - 2500
> is spam 500 is usable. From tommorow we are under fire :-). Anybody
> nasty use our domain name (juli.cz) to send thousands spam e-mails. From
> yesterday we obtained over 100 000 non-delivery reports to fake address
> "tli at juli.cz" and her variants.
> I will be appreciative, for some ideas.
I would echo others comments to use one of the milters to reject invalid
recipients at SMTP time and to publish SPF records.
If you're seeing a lot of traffic to specific addresses e.g.
'tli at juli.cz', then my recommendation would be to immediately put the
following into /etc/mail/access:
To:tli at juli.cz REJECT
Then run 'make -C/etc/mail'. This will cause Sendmail to immediately
reject any mail to this address and should considerably reduce the load
on MailScanner and give you time to investigate and implement a milter.
Hope this helps.
More information about the MailScanner