On 20.05.2016 at 17:11, Rick Macdougall wrote:
On 2016-05-20 11:00 AM, Reindl Harald wrote:

On 20.05.2016 at 16:50, Rick Macdougall wrote:
On 2016-05-20 10:36 AM, Paul Stead wrote:
Second, the foxhole_js database is what you're looking for

Paul

On 20/05/16 13:11, Reindl Harald wrote:


On 20.05.2016 at 13:07, Dianne Skoll wrote:
On Fri, 20 May 2016 09:31:48 +0300
Emin Akbulut <eminakbu...@gmail.com> wrote:

What do you suggest to fight these spams?

ClamAV is basically useless

no it is not, look at the sanesecurity foxhole signatures
http://sanesecurity.com/usage/signatures/

Thirded,

Statistics since: 19 April 2016 04:02:15

Total Viruses stopped: [ 271764 ]
Total Unique Viruses: [ 2242 ]
Viruses stopped in the last 24 hours: [ 20118 ]

how and why do you get that much crap to that stage on the inbound server?

2 days ago we had a peak of 450000 junk attempts which is 10 times
higher than on normal days and nothing measurable made it to smtpd, not
talking about contentfilters at all

hence the virtual machine running the inbound MX still on 100-250 MHz


Inbound servers, 6 of them.  We are an ISP with 10s of thousands of
accounts, plus content filtering for many other commercial domains

well, the domain in the last flood had 120000 accounts

the point is that valid accounts, even freemail, can't spread that amount of spam and all the bots are listed on enough blacklists to make a foolproof score-based reject, while most of them don't survive pregreet-tests anyway and the rest just hang up after 10-11 seconds and don't survive "postscreen_greet_wait = ${stress?2}${stress:12}s", which means a client ip has to wait 12 seconds once a week here to make it to smtpd

that all plays far far away from content-scanning and between that and the content-scanners are conditional greylistings, honeypot-backup-mx always responding with 450 and helo/ptr-checks combined with a spf-policyd

then comes spamassassin rejecting the surviving piece mostly if it contains malware or not and at the very end of the chain comes clamav-milter facing mostly ham and very few real remaining junk/malware



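The postscreen layer described in the last message, sketched as a Postfix `main.cf` fragment. This is an added example, not configuration posted by anyone in the thread: only the `postscreen_greet_wait` value is quoted from the message, while the DNSBL zone names, weights, threshold and the one-week cache time are assumptions chosen to illustrate a score-based reject and the "once a week" wait.

```conf
# main.cf fragment: postscreen in front of smtpd (added example)

# Pregreet test: postscreen delays the full banner; a client that
# starts talking before it arrives fails the test.
# Value quoted in the thread: 2s under stress, 12s otherwise.
postscreen_greet_wait = ${stress?2}${stress:12}s
postscreen_greet_action = enforce

# Assumption: remember a passed greet test for a week, so a
# well-behaved client IP only sits through the wait once per week.
postscreen_greet_ttl = 7d

# Score-based DNSBL reject: every list that returns a hit adds its
# weight, an allowlist hit subtracts. Zone names are placeholders
# (constructed), not real lists.
postscreen_dnsbl_sites =
    dnsbl-one.example*2
    dnsbl-two.example*1
    dnsbl-three.example*1
    dnswl.example*-2

# Reject once the combined score reaches the threshold.
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce
```

This assumes postscreen is already enabled as the port 25 listener in `master.cf`. With `enforce`, postscreen lets its remaining tests finish and then rejects with a 550, so the log still shows the helo, sender and recipient of each blocked attempt.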