Qmail

Re: Distributed spam attack.

To: qmail@list.cr.yp.to
Subject: Re: Distributed spam attack.
From: John Simpson <jms1@jms1.net>
Date: Wed, 29 Nov 2006 15:24:03 -0500
Delivered-to: sp-com-lists@consult.net
Delivered-to: gmail-qmail@securepoint.com
Delivered-to: sp.com.list@gmail.com
Delivered-to: mailing list qmail@list.cr.yp.to
In-reply-to: <1164808174.22680.10.camel@mtice-ubuntu>
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
References: <1164808174.22680.10.camel@mtice-ubuntu>

On 2006-11-29, at 0849, Matt wrote:

> So I've searched around but haven't found any real solutions (in fact,
> there may not be any solutions).  For the past week one of my virtual
> domains has been slammed by what appears to be a distributed spam
> attack.  I have the validrcptto patch
> (http://qmail.jms1.net/patches/combined-6c5.shtml)
> installed - so at least I don't have 80,000 messages trying to bounce.

coolness- i didn't realize that many people were actually using my stuff, other than the "qmailrocks" community. (i know, qmailrocks is "qmail for dummies" and all that... i've been trying to force-feed some intelligence into the qmailrocks mailing list, and we're getting quite a few knowledgeable people over there now. it's still nowhere near the level of this list, but it's at least moving in the right direction.)

> At first it was a big deal because it assisted in maxing out my remote
> concurrency, but that has subsided quite a bit now - so now it's just
> annoying me.  Are there any real solutions to deal with this?  I could
> add the ip addresses to my iptables . . . but boy would that be a lot of
> ip's.

somebody already suggested greylisting. i agree, i'm doing it on my own server. and while i can't say it's been perfect, it has taken a LARGE chunk of the spam i receive from zombies- because most zombies don't bother to try again if they can't send a message the first time.

there are several greylisting schemes out there, both stand-alone programs and patches... i'm doing it using a stand-alone program that i wrote. if you're using my combined patch then you're probably using my "run" script as well. if so, the script already has a variable you can define to tell it where to find your greylisting program, so you should be able to get it running fairly easily.

http://qmail.jms1.net/scripts/jgreylist.shtml

and of course if anybody else wants to look at the script and suggest ways to improve it (or anything else on my web site), i'm all ears...

--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <jms1@jms1.net> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
--------------------------------------------------

Attachment: PGP.sig
Description: This is a digitally signed message part
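
The greylisting behaviour described in the message above, as an added example that is not part of the original post and is not the jgreylist code: a generic decision keyed on the (client IP, sender, recipient) triplet, showing why a sender that never retries is dropped while a retrying mail server gets through. The timing values, class and function names, addresses and sample traffic are all assumptions constructed for illustration.

```python
import time  # only used for the default clock

TEMPFAIL = "451 greylisted, try again later"
ACCEPT = "250 ok"

class Greylist:
    """Generic triplet greylisting (constructed example, not jgreylist)."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # seconds a new triplet must wait
        self.retry_window = retry_window  # a retry must arrive within this time
        self.pass_ttl = pass_ttl          # how long a passed triplet stays trusted
        self.pending = {}                 # triplet -> time first seen
        self.passed = {}                  # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now       # known good sender: refresh and accept
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now      # new (or stale) triplet: start the clock
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL              # retried too quickly, keep waiting
        del self.pending[key]
        self.passed[key] = now           # retried after the delay: accept
        return ACCEPT

def simulate():
    """Replay constructed traffic: one zombie attempt, one retrying MTA."""
    gl = Greylist()
    # constructed sample traffic: (time in seconds, client ip, sender, recipient)
    zombie = [(0, "203.0.113.7", "a@spam.example", "user@example.org")]
    mta = [(t, "198.51.100.25", "list@example.net", "user@example.org")
           for t in (10, 70, 910, 5000)]
    results = {}
    for t, ip, frm, to in sorted(zombie + mta):
        results.setdefault(ip, []).append(gl.check(ip, frm, to, now=t))
    return results

if __name__ == "__main__":
    for ip, answers in simulate().items():
        print(ip, answers)
```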
