 

Re: how to detect spam attacks

  • deconya
    Message 1 of 6 , Apr 27, 2009
      Continuing with this thread: where I put the options, I could see the server refuses external connections. Finally I needed to comment out the permit_mynetworks option and I think all is going right.

      In the server the options are:

      smtpd_recipient_restrictions =
              check_recipient_access hash:/etc/postfix/overquota,
      #       permit_mynetworks,
              permit_sasl_authenticated,
              reject_invalid_hostname,
              reject_unauth_pipelining,
              check_client_access     hash:/etc/postfix/clientes
              reject_unauth_destination,
      ########Blacklists against the mailboxes###########
              reject_rbl_client rbl.orbitrbl.com,
      #       reject_rbl_client zen.spamhaus.org,###too many false positives from telefonica
              reject_rbl_client whois.rfc-ignorant.org,
              reject_rbl_client dnsbl.njabl.org,
              reject_rbl_client zombie.dnsbl.sorbs.net,
              reject_rbl_client bl.spamcop.net,
              reject_rbl_client cbl.abuseat.org,
              reject_rbl_client psbl.surriel.com,
              permit

      Any idea what the cause of the external rejections is?

      Thanks && Best Regards

      On Mon, Apr 27, 2009 at 11:26 AM, deconya <elmailpersonal@...> wrote:
      Hi list

      The first thing to do will be a blacklist created for me. I'm looking to make it and am putting the line:

      check_client_access hash:/etc/postfix/blacklist

      but I have doubts. Where do I need to put this? In smtp_recipient_restrictions or in smtpd_client_restrictions?
      Does the content inside the archive permit putting domains and IPs?
      For example:
      121.222.33.44 REJECT
      domain.com REJECT

      This is my configuration:

      smtpd_recipient_restrictions =
              check_recipient_access hash:/etc/postfix/overquota,
              permit_mynetworks,
              permit_sasl_authenticated,
              reject_invalid_hostname,
              reject_unauth_pipelining,
              #check_client_access    hash:/etc/postfix/clientes #This is correct
              reject_unauth_destination,
              reject_rbl_client rbl.orbitrbl.com,
              reject_rbl_client zen.spamhaus.org,
              reject_rbl_client whois.rfc-ignorant.org,
              reject_rbl_client dnsbl.njabl.org,
              reject_rbl_client zombie.dnsbl.sorbs.net,
              reject_rbl_client bl.spamcop.net,
              permit
       
      Other recommendations?


      On Mon, Apr 27, 2009 at 12:39 AM, Terry Carmen <terry@...> wrote:

      > Hi list
      >
      > I'm with the next problem: I have an old server and I'm in the process of migrating
      > to a better machine, but actually I'm having spam attacks on the server that
      > saturate it. Because of the age of the server and because in two weeks it is replaced,
      > I can't install any program like spamity or similar to help to detect spam
      > attacks, but I need to understand the mail.log to deduce the IPs where the attacks
      > come from and stop them. Can anyone help me with what clues can help me to
      > deduce these IPs?

      There are a number of things you can do, including possibly using a better (or
      an additional) blacklist, rejecting incoming connections that have no reverse
      DNS entry, and on a more controversial, but very effective note, reject IP
      addresses that have a "dynamic looking" reverse DNS and rejecting messages
      that are for non-existent users.

      If you can post a few log entries for this spam, as well as the output
      from postconf -n, I'm sure you'll get a lot of good suggestions.

      Some well-chosen restrictions will let even a small machine handle a really
      significant volume of mail. The trick is to reject as much spam as possible
      during the initial SMTP connection.

      Terry
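
Added example (not part of the original thread and not a Postfix tool): a small shell/awk pass over mail.log that counts connections and NOQUEUE rejects per client address, which is the log reading the original question asks about, and prints high-reject addresses in the "address REJECT" access-map form quoted above. The log lines are constructed samples in the standard Postfix smtpd format; the function names and the reject threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in the standard Postfix smtpd log format (documentation IPs).
sample_log() {
cat <<'EOF'
Apr 27 10:01:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Apr 27 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <a@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<a@example.com> proto=SMTP helo=<pc>
Apr 27 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <b@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<b@example.com> proto=SMTP helo=<pc>
Apr 27 10:01:03 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
Apr 27 10:01:04 mx postfix/smtpd[2102]: connect from unknown[203.0.113.7]
Apr 27 10:01:05 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Service unavailable; Client host [203.0.113.7] blocked using bl.spamcop.net; from=<y@example.net> to=<c@example.com> proto=SMTP helo=<pc>
Apr 27 10:02:10 mx postfix/smtpd[2103]: connect from mail.example.org[198.51.100.20]
Apr 27 10:02:11 mx postfix/smtpd[2103]: 4F2A11C0D3: client=mail.example.org[198.51.100.20]
Apr 27 10:02:12 mx postfix/smtpd[2103]: disconnect from mail.example.org[198.51.100.20]
Apr 27 10:03:00 mx postfix/smtpd[2104]: connect from unknown[192.0.2.99]
Apr 27 10:03:01 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 5.7.1 <d@example.org>: Relay access denied; from=<z@example.net> to=<d@example.org> proto=SMTP helo=<h>
EOF
}

# client_stats: mail.log on stdin -> "rejects connects address", worst offenders first.
client_stats() {
  awk '
    function client_ip(line,   s) {
      # smtpd logs the client as "from hostname[address]"
      if (!match(line, /from [^ ]+\[[0-9A-Fa-f:.]+\]/)) return ""
      s = substr(line, RSTART, RLENGTH)
      sub(/^.*\[/, "", s); sub(/\]$/, "", s)
      return s
    }
    /postfix\/smtpd\[[0-9]+\]: connect from /     { ip = client_ip($0); if (ip != "") conn[ip]++ }
    /postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: / { ip = client_ip($0); if (ip != "") rej[ip]++ }
    END {
      for (ip in conn) seen[ip] = 1
      for (ip in rej)  seen[ip] = 1
      for (ip in seen) print rej[ip] + 0, conn[ip] + 0, ip
    }
  ' | sort -k1,1nr -k2,2nr -k3,3
}

# blacklist_candidates MIN: addresses with at least MIN rejects, printed as
# "address REJECT" lines to review by hand before adding to an access map.
blacklist_candidates() {
  client_stats | awk -v min="$1" '$1 + 0 >= min + 0 { print $3, "REJECT" }'
}

sample_log | client_stats
sample_log | blacklist_candidates 2
```

On a live server the same functions read the real log on stdin, for example `client_stats < mail.log | head`; clients in your own networks will also show up and should not be copied into the map.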





