Re: postfix, spamassassin and spam ~ blocking cable and adsl modems

2004-08-08 Thread Russell Coker
On Sat, 7 Aug 2004 09:52, Steven Jones <[EMAIL PROTECTED]> wrote:
> We seem to be being hit with in excess of 12,000 spam emails per day
> from adsl and cable modems in the US alone. Then we get brute force
> attacked...the server at times gets somewhat stretched...
>
> What would ppl suggest is the most efficient way to block such
> addresses?

If you use some DNSBL services you can block access from dial-up and broadband 
customer IP addresses without blocking mail servers.  Below is the list of 
DNSBL and RHSBL services that I have on one of my machines.

smtpd_client_restrictions = permit_mynetworks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client relays.ordb.org,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_client dsn.rfc-ignorant.org,
    reject_rhsbl_client postmaster.rfc-ignorant.org


> The goal here is to minimise disk i/o as that is the item being
> stretched, iostat -x 5 shows over 450% utilisation...delays are getting
> to 4+ hours...and they bitch if it's over 5 minutes

Putting some of that iostat output as a text attachment to your email would 
really help us advise you about this (NB don't paste it into your email as 
the lines are too long and will get munged).

> I have 4 cpu's and spare capacity on these and I am only using 2.5 gig
> out of 4gig of ram so have spare here...the box only processes incoming
> smtp only, outgoing takes another route.

The spare RAM will be cache, so most likely your machine is doing few disk 
reads and it's entirely bottlenecked on disk writes when it's running.

If you mount all your file systems with the noatime option then you may save 
5% or 10% of your disk access.

Configure syslogd to use the "-" option for most (if not all) log files to not 
use synchronous writes.  Every email gets several lines in the syslog and you 
don't want them to all be written synchronously.

> At present I am running ext3 on the logging and spool directories but
> considering reiserFS, a good idea?
>
> Also I am aiming to get more disks as I have only 2, so I can either
> raid 0 over the 3 new disks or split the queues to 3 disks, which
> might be better?

Don't use RAID-0, it increases the probability of data loss through disk 
error.  A hardware RAID-5 over the 5 disks will give better write performance 
if you have a battery-backed write-back cache on the RAID controller (the 
cheap ones don't).

> Would a scsi hwraid based cache controller be worth it?

Yes.

If you mount your Ext3 file systems with "data=journal" and have external 
journals on a separate disk then you may get really good performance.

Usually the lower block numbers of a disk are mapped to the outer tracks and 
have a higher data transfer rate (use the zcav program in my Bonnie++ package 
to test this).  So you could have the main file systems for storing the data 
on one pair of disks in a RAID-1 array and the external journals for those 
file systems on the fastest part of another pair of disks in a separate 
RAID-1.  If you have a pair of disks used for nothing but journals (which 
will probably take <100M of disk space) then the seeks should all be very 
short which will give a fast access time.

http://www.umem.com/PCINVRAMCARDS.html

An even better option might be to use non-volatile RAM storage devices.  Above 
is the URL for a company that makes PCI cards that have non-volatile storage.  
These cards can handle reads and writes at PCI bandwidth (four times faster 
than any hard disk even with 32bit PCI) and with no seek time (hard disks can 
only do about 100 seeks a second while the umem cards should do 50,000 or 
more depending on the size of the data blocks).

I don't know whether the Linux drivers for umem cards work with the latest 
hardware, you would have to check with them.

Also umem cards aren't particularly expensive.  Last time I got a quote the 
high-end cards were only about $700US.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
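
How a reject_rbl_client lookup works, with a health check for the zones in a list like the one posted above, as an added example that is not part of the original thread: the client's IPv4 octets are reversed and prepended to the zone, and any A-record answer counts as "listed". The function names, the injectable resolve hook and the sample main.cf text are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample: part of the restriction list above, as main.cf text.
MAIN_CF = """\
smtpd_client_restrictions = permit_mynetworks,
    reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net,
    reject_rhsbl_client rhsbl.sorbs.net
"""

def rbl_zones(main_cf, param="smtpd_client_restrictions"):
    """Return the reject_rbl_client zones listed in one main.cf parameter."""
    value, collecting = [], False
    for line in main_cf.splitlines():
        name, _, rest = line.partition("=")
        if collecting and line[:1] in (" ", "\t"):   # continuation line
            value.append(line)
        elif name.strip() == param:
            value, collecting = [rest], True
        else:
            collecting = False
    tokens = " ".join(value).replace(",", " ").split()
    return [zone.split("=")[0]                       # drop "=d.d.d.d" filters
            for kw, zone in zip(tokens, tokens[1:]) if kw == "reject_rbl_client"]

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone (RFC 5782)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A record for name, or None. Timeouts also give None, so retry first."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def zone_health(zone, resolve=system_resolver):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    if resolve(query_name("127.0.0.1", zone)) is not None:
        return "lists-everything"    # likely wildcarded: every client matches
    answer = resolve(query_name("127.0.0.2", zone))
    if answer is None or not answer.startswith("127."):
        return "not-answering"       # the restriction is a silent no-op
    return "ok"

def audit(main_cf, resolve=system_resolver):
    """Map each configured DNSBL zone to its health status."""
    return {zone: zone_health(zone, resolve) for zone in rbl_zones(main_cf)}
```

Run audit() on the mail server itself so the lookups go through the same resolver Postfix uses; a zone that comes back as anything other than "ok" is either doing nothing or matching every client.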



Re: postfix, spamassassin and spam ~ blocking cable and adsl modems

2004-08-08 Thread Paul Johnson
Steven Jones <[EMAIL PROTECTED]> writes:

> We seem to be being hit with in excess of 12,000 spam emails per day from adsl
> and cable modems in the US alone. Then we get brute force attacked...the
> server at times gets somewhat stretched...
>
> What would ppl suggest is the most efficient way to block such addresses?

Use bl.spamcop.net as a dnsbl, which lists currently spamming IPs
instead of just blacklisting entire netblocks of mostly innocent
bystanders.




Re: IIS worms and apache

2004-08-08 Thread Craig Sanders
On Sun, Aug 08, 2004 at 03:32:51PM +1000, Russell Coker wrote:
> On Sat, 7 Aug 2004 14:56, "Shannon R." <[EMAIL PROTECTED]> wrote:
> > Is there a debian package wherein the app recognizes IIS worm attacks? Then
> > blocks these IPs in real time?
> 
> Why bother?  They can't do any harm, and the bandwidth that they take is
> usually a small portion of the total bandwidth.  Why not just ignore them,
> it's the easiest thing to do.

one reason to do it is if you have several hundred IP-based virtual hosts on
one server.  the load (including logging) from virus probes against all your IP
addresses at once is significant.

of course, it's better to just convert as many as you can to name-based virtual
hosts (i.e. all of them except https sites).  

this can take some time to co-ordinate if you don't host the DNS as well as the
web site.  do all of the sites where you host the DNS and send notices to the
domain owners where the DNS is hosted elsewhere - don't ask them, TELL them
that the IP will be being changed in, say, one month's time, remind them again
a few days before the scheduled date, and then make the change whether they
have responded or not.

the notice you send them should tell them exactly what is going on, exactly
what they have to do, and the consequences of what will happen (i.e. their site
will be unreachable) if they don't.

craig

-- 
craig sanders <[EMAIL PROTECTED]>

The next time you vote, remember that "Regime change begins at home"





Debian Sarge and tomcat 4.0.4 with j2sdk 1.3

2004-08-08 Thread Andreas Rabus
Hi List,
I had a problem with my two Sarge machines.
On both machines were j2sdk 1.33 from Blackdown and tomcat4 installed

j2sdk1.3   1.3.1.02b-2   Blackdown Java(TM) 2 SDK, Standard Edition
tomcat4    4.0.4-4       Java Servlet 2.3 engine with JSP 1.2 support

On Friday both machines were unable to start tomcat4 again.
The error given in catalina.out was:
Exception during startup processing
java.lang.reflect.InvocationTargetException: java.lang.UnsupportedClassVersionError: javax/servlet/ServletException (Unsupported major.minor version 48.0)
    at java.lang.ClassLoader.defineClass0(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:493)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:111)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:248)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java:674)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1093)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:992)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1076)
    at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:992)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
    at org.apache.catalina.core.ContainerBase.(ContainerBase.java:254)
    at org.apache.catalina.core.StandardEngine.(StandardEngine.java:105)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:237)
    at org.apache.catalina.util.xml.ObjectCreate.start(XmlMapper.java:617)
    at org.apache.catalina.util.xml.XmlMapper.matchStart(XmlMapper.java:412)
    at org.apache.catalina.util.xml.XmlMapper.startElement(XmlMapper.java:91)
    at org.apache.xerces.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:443)

I solved this problem by installing j2sdk1.4.5 (Blackdown, too)
and adding an "export LANG=de_DE" to the startup script.
But some of the running Applications have problems with java 1.4, so
update Applications (what and where will be time consuming) or
downgrade tomcat (if an upgrade broke it, that is)?

What happened?
Did an (unnoticed) upgrade break the compatibility with java 1.3?
Was it a library?
Can anybody help?
Thanks in advance,
Andreas