please help .. we are under fire !

Steve Freegard steve.freegard at fsl.com
Thu May 22 12:22:09 IST 2008


Hi Petr,

Petr Zeman wrote:
> Hello,
> 
> we using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway 
> for aprox. 100 local users. Normally we have 3 000 e-mails daily - 2500 
> is spam 500 is usable. From tommorow we are under fire :-). Anybody 
> nasty use our domain name (juli.cz) to send thousands spam e-mails. From 
> yesterday we obtained over 100 000 non-delivery reports to fake address 
> "tli at juli.cz" and her variants.

> I will be appreciative, for some ideas.

I would echo others comments to use one of the milters to reject invalid 
recipients at SMTP time and to publish SPF records.

If you're seeing a lot of traffic to specific addresses e.g. 
'tli at juli.cz', then my recommendation would be to immediately put the 
following into /etc/mail/access:

To:tli at juli.cz		REJECT

Then run 'make -C/etc/mail'.  This will cause Sendmail to immediately 
reject any mail to this address and should considerably reduce the load 
on MailScanner and give you time to investigate and implement a milter.

Hope this helps.

Kind regards,
Steve.



More information about the MailScanner mailing list