[Mimedefang] Dealing with massive spam burst
dr john halewood
john at unidec.co.uk
Wed Sep 8 13:03:26 EDT 2004
hmm....
I've had mimedefang+clamav+spamassassin running quite happily here for
about 18 months or so now, but over the last couple of days have run into a
problem. One of our customers has been very severely joe-jobbed, and the mass
of NDR's coming back to them is making their primary MTA/mimedefang box
crumble under the load (which can peak at a few hundred messages a minute
when the spammers kick off).
On the grounds that upgrading the hardware isn't something that can be done
quickly or easily, can anyone suggest any techniques for reducing the load at
such times? I've thought of configuring spamassassin to whitelist emails
coming from <> - but that only takes out a certain portion of the problem,
and the load from running clamd across each incoming mail is still there. The
only other thing I can think of is rejecting email to non-existant users
before defang does most of it's tests, but that would involve rigging up a
system to verify each user against the Exchange system that the mail routes
through to.
Any suggestions/clues to what I'm missing very welcome.
cheers
john
More information about the MIMEDefang
mailing list