Re: how to detect spam attacks
Continuing with this thread, I comment that where I put the options I saw that the server refuses external connections. Finally I need to comment the permit_mynetworks option and I think all is going right.
In the server the options are:
########Blacklists against the mailboxes###########
# reject_rbl_client zen.spamhaus.org,###too many false positives from Telefonica
Any idea what is the cause of the external rejections?
Thanks && Best Regards

On Mon, Apr 27, 2009 at 11:26 AM, deconya <elmailpersonal@...> wrote:
The first thing to do will be a blacklist created for me. I'm looking to make it and is putting the line:
but I have doubts. Where do I need to put this? In smtp_recipient_restrictions or in smtpd_client_restrictions?
Does the content inside the archive permit putting domains and IPs?
This is my configuration:
#check_client_access hash:/etc/postfix/clientes #This is correct
Other recommendations?

On Mon, Apr 27, 2009 at 12:39 AM, Terry Carmen <terry@...> wrote:
> Hi list
> I'm with the next problem: I have an old server and I'm in process to migrate
> to a better machine, but actually I'm having spam attacks in the server that
> saturate it. For the age of the server and because in two weeks it is replaced
> I can't install any program like spamity or similar to help to detect spam
> attacks, but I need to understand the mail.log to deduce the IPs where the
> attacks come from and stop it. Can anyone tell me what clues can help me to
> deduce these IPs?
There are a number of things you can do, including possibly using a better (or
an additional) blacklist, rejecting incoming connections that have no reverse
DNS entry, and on a more controversial, but very effective note, reject IP
addresses that have a "dynamic looking" reverse DNS and rejecting messages
that are for non-existent users.
If you can post a few log entries for this spam, as well as the output
from postconf -n, I'm sure you'll get a lot of good suggestions.
Some well-chosen restrictions will let even a small machine handle a really
significant volume of mail. The trick is to reject as much spam as possible
during the initial SMTP connection.
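
An added example, not part of the original thread: one way to read the offending IPs out of mail.log without installing anything on the server. It counts, per client IP, connections, connections with no reverse DNS (Postfix logs the host as `unknown`) and rejections for non-existent users. The log lines are constructed samples in Postfix's smtpd log format, and the names `summarize`, `suspects` and the `min_events` threshold are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtpd syslog format (documentation IP ranges).
REJ = ("550 5.1.1 <u@example.org>: Recipient address rejected: "
       "User unknown in local recipient table")
SAMPLE_LOG = f"""\
Apr 27 11:20:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Apr 27 11:20:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: {REJ}
Apr 27 11:20:02 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
Apr 27 11:20:03 mx postfix/smtpd[2102]: connect from unknown[203.0.113.7]
Apr 27 11:20:04 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: {REJ}
Apr 27 11:20:05 mx postfix/smtpd[2103]: connect from mail.example.com[198.51.100.20]
Apr 27 11:20:06 mx postfix/smtpd[2104]: connect from unknown[203.0.113.7]
Apr 27 11:20:07 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: {REJ}
"""

# Matches "connect from host[ip]" and "NOQUEUE: reject: RCPT from host[ip]";
# "disconnect from" lines do not match because the event must follow "]: ".
CLIENT = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<event>connect from|NOQUEUE: reject: \w+ from) "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[0-9a-fA-F.:]+)\]")

def summarize(lines):
    """Return {ip: Counter(connects, no_rdns, rejects, unknown_user)}."""
    stats = {}
    for line in lines:
        m = CLIENT.search(line)
        if not m:
            continue
        c = stats.setdefault(m["ip"], Counter())
        if m["event"].startswith("connect"):
            c["connects"] += 1
            if m["host"] == "unknown":      # no usable reverse DNS
                c["no_rdns"] += 1
        else:
            c["rejects"] += 1
            if "User unknown" in line:      # mail for a non-existent user
                c["unknown_user"] += 1
    return stats

def suspects(stats, min_events=3):
    """IPs with at least min_events connects+rejects, most rejects first."""
    rows = [(ip, c) for ip, c in stats.items()
            if c["connects"] + c["rejects"] >= min_events]
    rows.sort(key=lambda r: (-r[1]["rejects"], -r[1]["connects"], r[0]))
    return [ip for ip, _ in rows]

if __name__ == "__main__":
    for ip in suspects(summarize(SAMPLE_LOG.splitlines())):
        print(ip)
```

On a real server, pass the lines of the mail log to `summarize` instead of `SAMPLE_LOG`.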