Re: how to detect spam attacks

Mon, 27 Apr 2009 02:27:14 -0700 

Hi list

The first thing to do will be a blacklist created for me. Im looking to make
it and is putting the line:

check_client_access hash:/etc/postfix/blacklist

but I have doubts. Where I need to put this? in smtp_recipient_restrictions
or in smtpd_client_restrictions?
The content inside the archive permit to put domains and Ips?
For example:
121.222.33.44 REJECT
domain.com REJECT

This is my configuration:

smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/overquota,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_hostname,
        reject_unauth_pipelining,
        #check_client_access    hash:/etc/postfix/clientes #This is correct
        reject_unauth_destination,
        reject_rbl_client rbl.orbitrbl.com,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client whois.rfc-ignorant.org,
        reject_rbl_client dnsbl.njabl.org,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client bl.spamcop.net,
        permit

Other recommendations?

On Mon, Apr 27, 2009 at 12:39 AM, Terry Carmen <[email protected]> wrote:

>
> > Hi list
> >
> > Im with the next problem: I have and old server and Im in process to
> migrate
> > to a better machine, but actually Im having spam attacks in the server
> than
> > saturate it. For  the age of the server and because in two weeks is
> replaced
> > I can't install any program like spamity or similar to help to detect
> spam
> > attacks, but I need to understand the mail.log to deduce the Ips where
> comes
> > the attacks and stop it. Any people can help me what clues can help me to
> > deduce this Ips?
>
> There are a number of things you can do, including possibly using a better
> (or
> an additional) blacklist, rejecting incoming connections that have no
> reverse
> DNS entry, and on a more controversial, but very effective note, reject IP
> addresses that have a "dynamic looking" reverse DNS and rejecting messages
> that are for non-existent users.
>
> If you can you can post a few log entries for this spam, as well as the
> output
> from postconf -n, I'm sure you'll get a lot of good suggestions.
>
> Some well-chosen restrictions will let even a small machine handle a really
> significant volume of mail. The trick is to reject as much spam as possible
> during the initial SMTP connection.
>
> Terry
>
>
>
>
>

Reply via email to