please help .. we are under fire !

Steve Freegard steve.freegard at
Thu May 22 12:22:09 IST 2008

Hi Petr,

Petr Zeman wrote:
> Hello,
> we using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway 
> for aprox. 100 local users. Normally we have 3 000 e-mails daily - 2500 
> is spam 500 is usable. From tommorow we are under fire :-). Anybody 
> nasty use our domain name ( to send thousands spam e-mails. From 
> yesterday we obtained over 100 000 non-delivery reports to fake address 
> "tli at" and her variants.

> I will be appreciative, for some ideas.

I would echo others comments to use one of the milters to reject invalid 
recipients at SMTP time and to publish SPF records.

If you're seeing a lot of traffic to specific addresses e.g. 
'tli at', then my recommendation would be to immediately put the 
following into /etc/mail/access:

To:tli at		REJECT

Then run 'make -C/etc/mail'.  This will cause Sendmail to immediately 
reject any mail to this address and should considerably reduce the load 
on MailScanner and give you time to investigate and implement a milter.

Hope this helps.

Kind regards,

More information about the MailScanner mailing list