> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of j debert > Sent: Sunday, October 19, 2008 12:53 PM > To: postfix-users@postfix.org > Subject: Re: Finally blocking some spam > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Joey さんは書きました: > > ~ SNIP! > > | > | Any suggestions you have to help me reduce the load on the servers, > | and the junk in the mailbox are welcome, and I can assure you I > | will try just about anything as you can see by my blanketed IP > | method which for reference has reduced spam by over 75%, and yes > | blocked a few legit users. > | > | Joey > | > | > > I've read more of the messages subsequent to the one I replied to. I > see that you have been pretty frustrated by the problem. > > I honestly can't see how you can do better with what you have. So > perhaps it would help to do something different. > > Farming out your MX to a MX service with spam filtering will reduce > the load on your servers. It isn't cheap, though. But is it saves you > time and transfers the spam blocking duty to the service. This may be > the best solution as it saves you time, traffic load and aggro. > > Fail2ban can be used with a blocklist by adding rules that block IP's > when a blocklist returns a spam result. A dedicated firewall will take > the load off your MX servers. > > If the IP is the target and not your domain, which does not seem to be > the case, a VPS or dedicated server set up as your MX will help. In > the case of dedicated servers, it's again not cheap. > > If your domain is the target I would be curious as to why. What makes > it so attractive? Or is it a DOS, harrassment, or what? Did someone > offend some spammer somehow? Perhaps the blocking method triggered a > more concentrated effort on their part? Do you block connections by > resetting them or by dropping them? Sending reset only results in more > persistent connection attempts. Dropping connections tends to cause > hosts to give up trying after a short time. > > If they are concentrating on you because of your blocking policy, it > may help to let some connections succeed and deliver the known spam to > the bit bucket instead of users. Spammers don't care whether or not > you read their spam--it's the delivery that counts and pays for them. > > I suspect that spammers may be concentrating on your domain because > you are blocking so much. If you allow most connections and drop the > spammers using various rules from blocklists, SPF, DKIM and so on, the > number of connections attempts will probably decrease. If you can't > handle the tens of thousands of connections per hour, hire an MX > service for a while until the traffic goes down, which it hopefully will. > > I can see no way of totally eliminating spam traffic, except at the > source, with a Special Force. :) It's not going to be possible to 100% > eliminate spam and only spam any other way.
I am an ISP and I provide the filtering service to a few clients and my hosting clients email. BUT we are talking SMALL in respect to the amount of users 500-700 over the 3 (dedicated to email) servers. Sub out the filtering makes no sense. Firewall rules DROP. I agree on the potential of legit mail being blocked. Running spamassasin on every domain we support will kill the server CPU wise and again as in my messages before it's about reducing overhead. I am abusing some RBL's in some cases so I need to reduce connections. The beauty of an RBL is that you send a message to legit senders letting them know they got bounced and why, but the amount of checks is just getting crazy. Have been working with fail2ban, but that has limited potential given the amount of connections from multiple IP's from spammers. That does reduce some of the connections we make back out to rbl's given it's failing after 500 errors.
