[Mimedefang] Dealing with massive spam burst
Joseph Brennan
brennan at columbia.edu
Wed Sep 8 13:35:41 EDT 2004
--On Wednesday, September 8, 2004 6:03 PM +0100 dr john halewood
<john at unidec.co.uk> wrote:
> hmm....
> I've had mimedefang+clamav+spamassassin running quite happily here for
> about 18 months or so now, but over the last couple of days have run into
> a problem. One of our customers has been very severely joe-jobbed, and
> the mass of NDR's coming back to them is making their primary
> MTA/mimedefang box crumble under the load (which can peak at a few
> hundred messages a minute when the spammers kick off).
> On the grounds that upgrading the hardware isn't something that can be
> done quickly or easily, can anyone suggest any techniques for reducing
> the load at such times? I've thought of configuring spamassassin to
> whitelist emails coming from <> - but that only takes out a certain
> portion of the problem, and the load from running clamd across each
> incoming mail is still there. The only other thing I can think of is
> rejecting email to non-existant users before defang does most of it's
> tests, but that would involve rigging up a system to verify each user
> against the Exchange system that the mail routes through to.
> Any suggestions/clues to what I'm missing very welcome.
If you want to use mail from <> as the trigger, have Mimedefang
check for that and do not run spam_assassin_check() at all. Note
that by doing this you allow spam from <>, but weigh one problem
against another. Generally skip Spamassassin when you can.
You might use sendmail config values to control things, like stop
accepting mail over some load average. It delays mail but keeps
the box running.
Maybe you have to close the user's account, give a new one, and
use sendmail's access.db to reject mail to that particular address
with a message stating what the new address is-- for human senders.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list