brian put forth on 5/26/2010 8:28 PM:
> On 10-05-26 09:03 PM, Stan Hoeppner wrote:
>> brian put forth on 5/26/2010 1:53 PM:
>>
>>> FWIW, aside from aliases for the usual postmaster, abuse, and webmaster
>>> addresses, this domain has just 2 actual addresses to be maintained. So,
>>> might a whitelist approach be the way to go? Or, is this something I
>>> should leave to iptables/fail2ban?
>>
>> Care to share some of the spammer IP address info? Is this botnet traffic or
>> snowshoe? If snowshoe, I might be able to provide you with a complete list of
>> netblocks to blacklist, solving your problem with a simple edit or two.
>>
>
> Here you go:
>
> http://pastebin.com/DMgZsNCc
>
> I dunno about snowshoe. That was the first I'd seen the term. But it
> looks like it could be, as I understand it. I'm really not knowledgeable
> enough to say.

I checked out a sampling of those IPs. They're a combination of bot and snowshoe, mostly bot. Typical spam stream, but apparently at a higher rate than what your VPS can effectively handle via standard Postfix smtpd restrictions. As others have stated, Postscreen should be a big help to you given that most of this is bot spam--exactly what Postscreen was designed to address.

--
Stan