> -----Original Message-----
> From: Jorey Bump [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 13, 2008 6:09 PM
> To: Joey
> Cc: postfix-users@postfix.org
> Subject: Re: Finally blocking some spam
> 
> > I don't think anyone can argue that these numbers are not the pattern of
> > NORMAL servers, or of legit email.
> > We maybe support 400-500 users total! No way 1 Million legit messages are
> > coming in from Turkey today, this week or even this month.
> 
> connections != messages
> 
> Make sure you count the hosts, not the number of packets that were
> attempted. In many cases, each host is only trying to send one message.
> Blocking can skew the numbers (but the ones you report are still rather
> large).
> 
OK
> Consider that your IP address has become tainted. If you've been using
> it for a long time (or inherited an IP with a history), there is a
> possibility that a number of these attempts are automated and not even
> aimed at your users. In that case, try moving to a new IP address with
> no SMTP history.
> 
Excellent point, we have used our servers with those IPs for 10 years, so it
may be time for a quick change.

> You might also monitor the target recipients, to see if an address (or
> domain) has become an attractor for some reason. This can be done
> maliciously, and is enough of an excuse to retire the address.
> 
We have done this and we see this for domains, but we can't stop supporting
that domain.
We really haven't seen a large amount for a specific user etc.  We also
don't allow "catch all" emails for a domain.

Thanks for the ideas.
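
Added example, not part of the original thread: one way to apply the two checks discussed above (count distinct client hosts rather than raw connections, and see which recipient addresses or domains attract rejected mail) against Postfix smtpd log lines. The sample log, the function name summarize and the regular expressions are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtpd syslog format (documentation IPs and domains).
SAMPLE_LOG = """\
Oct 13 18:00:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Oct 13 18:00:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <sales@example.org>: Recipient address rejected: User unknown; from=<a@example.net> to=<sales@example.org> proto=ESMTP helo=<x>
Oct 13 18:00:03 mx postfix/smtpd[2102]: connect from unknown[192.0.2.10]
Oct 13 18:00:04 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <info@example.org>: Recipient address rejected: User unknown; from=<b@example.net> to=<info@example.org> proto=ESMTP helo=<x>
Oct 13 18:00:05 mx postfix/smtpd[2103]: connect from unknown[192.0.2.10]
Oct 13 18:00:06 mx postfix/smtpd[2104]: connect from unknown[192.0.2.10]
Oct 13 18:00:07 mx postfix/smtpd[2105]: connect from host7.example.net[198.51.100.7]
Oct 13 18:00:08 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from host7.example.net[198.51.100.7]: 550 5.1.1 <Sales@example.org>: Recipient address rejected: User unknown; from=<c@example.net> to=<Sales@example.org> proto=ESMTP helo=<y>
Oct 13 18:00:09 mx postfix/smtpd[2106]: connect from unknown[203.0.113.5]
Oct 13 18:00:10 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown; from=<d@example.net> to=<bob@example.com> proto=ESMTP helo=<z>
"""

# "connect from hostname[address]"; the address may be IPv4 or IPv6.
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9A-Fa-f:.]+)\]")
# Rejected RCPT: capture the client address and the envelope recipient.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[([0-9A-Fa-f:.]+)\]:.* to=<([^>]*)>"
)

def summarize(log_text, top=3):
    """Return connection totals, distinct hosts, and the most-targeted recipients."""
    per_host = Counter()      # connections per client address
    per_rcpt = Counter()      # rejected attempts per recipient address
    per_domain = Counter()    # rejected attempts per recipient domain
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            per_host[m.group(1)] += 1
            continue
        m = REJECT_RE.search(line)
        if m:
            rcpt = m.group(2).lower()   # compare addresses case-insensitively
            per_rcpt[rcpt] += 1
            per_domain[rcpt.rpartition("@")[2]] += 1
    return {
        "connections": sum(per_host.values()),   # raw attempts
        "unique_hosts": len(per_host),           # what "count the hosts" asks for
        "top_hosts": per_host.most_common(top),
        "top_recipients": per_rcpt.most_common(top),
        "top_domains": per_domain.most_common(top),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample, six connections come from only three hosts, and one domain receives most of the rejected recipients.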
