Linode Forum
https://forum.linode.com/

New domain, endless spam. Old catch all?
https://forum.linode.com/viewtopic.php?f=11&t=6989

Author:  nomad89 [ Tue Apr 19, 2011 1:57 pm ]
Post subject:  New domain, endless spam. Old catch all?

I recently registered and began hosting a new domain under my Linode account. As soon as everything had been set up, I began receiving an endless stream of SPAM to a few mailboxes under it (about 1 or 2 messages per second). 99% of these are directed at a single user (in the form of domain@domain.com) with the remainder going to about 6 or 7 other mailboxes.

I have faith in my mail server configuration. A majority are receiving 504 and 554 responses. These mailboxes don't exist on my end, the spammers aren't using FQDNs, and a majority are hitting my RBLs. Those that aren't receiving errors are bouncing against my greylist. I'm not a relay, and have been successfully using this server for about a year. Unfortunately, I'm not a professional sys admin, and don't have much experience in stopping these sorts of things properly. I added a few senders to my shorewall blacklist, but these messages are pouring in from thousands of IPs all over the world, so that's kind of fruitless.

I have a feeling I picked up a domain with an old catch-all address that ended up absorbing a ton of crud over the years. Is there any way to effectively stop these bots from even attempting to hit these mailboxes/my server, or is this something I'll inherit forever? It's not causing me performance or stability issues, but I'd enjoy it if my logs weren't growing and filling with all this junk. Thanks in advance for your suggestions.

Author:  reaktor [ Tue Apr 19, 2011 7:34 pm ]
Post subject: 

You can get a sort of front end service to block the spam if you don't want to configure your own anti-spam techniques.

Like this one:

http://mailroute.info

Author:  nomad89 [ Wed Apr 20, 2011 5:23 pm ]
Post subject: 

Wish there was an in-house way to resolve this, but it sounds like the only solution is a mediation server. Mail route looks interesting, will read into it more. Thanks for the info.

Author:  hoopycat [ Wed Apr 20, 2011 8:25 pm ]
Post subject: 

If you want to receive mail for that domain, you'll have to receive mail for that domain. No way around it, really. Best bet is to ignore it and let logrotate take care of the logs. You can throw money at the problem and let someone else's logs fill up, but I'd rather spend the money on little chocolate donuts. They're proven to work.

Author:  glg [ Thu Apr 21, 2011 11:24 am ]
Post subject: 

hoopycat wrote:
If you want to receive mail for that domain, you'll have to receive mail for that domain. No way around it, really. Best bet is to ignore it and let logrotate take care of the logs. You can throw money at the problem and let someone else's logs fill up, but I'd rather spend the money on little chocolate donuts. They're proven to work.


Image

Author:  reaktor [ Thu Apr 21, 2011 11:47 am ]
Post subject: 

nomad89 wrote:
Wish there was an in-house way to resolve this, but it sounds like the only solution is a mediation server. Mail route looks interesting, will read into it more. Thanks for the info.


There is an in-house way:

http://library.linode.com/email/postfix/

http://flurdy.com/docs/postfix/ (random google search result for 'ubuntu postfix spamassassin')

spamassassin, clamav, amavisd, etc. are commonly used software, though these take some skill and time to set up and get going.

But if you don't want to do that, those other services where you simply adjust your mx record will take care of the spam filtering for you.

Cheers,

Author:  Vance [ Sun Apr 24, 2011 2:24 am ]
Post subject: 

Receiving spam attempts is part of having a mail server connected to the Internet. If it really bothers you, then you could set up fail2ban or denyhosts to trigger on attempts to send mail to nonexistent users and block future connections from the responsible hosts (for some period of time). If you want to be especially retaliatory, you could configure fail2ban to set up a TARPIT rule for such hosts.
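
The trigger Vance describes, counting rejected deliveries to nonexistent users per client and flagging hosts that cross a threshold inside a time window, as an added sketch that is not part of the original thread. It assumes a Postfix-style `NOQUEUE: reject` log line; the `maxretry` and `findtime` names mirror fail2ban's jail settings, and the log lines and addresses are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Postfix smtpd log shape for an unknown-recipient reject.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"NOQUEUE:\sreject:\sRCPT\sfrom\s\S+\[(?P<ip>[0-9a-fA-F.:]+)\]:\s"
    r"550\s5\.1\.1\s.*User unknown"
)

def find_offenders(lines, maxretry=3, findtime=600, year=2011):
    """Return {ip: time of the reject that crossed maxretry within findtime s}."""
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m or m["ip"] in flagged:
            continue            # other reject reasons (RBL, greylist) are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = hits[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()         # drop hits older than findtime
        if len(q) >= maxretry:
            flagged[m["ip"]] = ts
    return flagged

def make_line(ts, ip, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f"Apr 24 {ts} mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: {status}; from=<x@sender.example> to=<domain@example.com>")

UNKNOWN = ("550 5.1.1 <domain@example.com>: Recipient address rejected: "
           "User unknown in virtual mailbox table")
RBL = "554 5.7.1 Service unavailable; Client host blocked using an RBL"

SAMPLE_LOG = [
    make_line("02:00:00", "192.0.2.9", UNKNOWN),     # slow sender: hits spread out
    make_line("02:08:00", "192.0.2.9", UNKNOWN),
    make_line("02:10:01", "203.0.113.5", UNKNOWN),   # burst: three hits in seconds
    make_line("02:10:02", "203.0.113.5", UNKNOWN),
    make_line("02:10:02", "198.51.100.7", RBL),      # RBL reject, not counted
    make_line("02:10:03", "203.0.113.5", UNKNOWN),
    make_line("02:10:04", "198.51.100.7", UNKNOWN),  # single hit, below threshold
    make_line("02:20:00", "192.0.2.9", UNKNOWN),     # earlier hits have aged out
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
```

With thousands of source addresses each making only a few attempts, as in the original post, most hosts stay under any per-IP threshold, so the window and retry count decide how much of the stream such a rule actually catches.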

Author:  neo [ Mon Apr 25, 2011 7:41 pm ]
Post subject: 

If you are using RBLs like spamhaus.org pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

Author:  vonskippy [ Mon Apr 25, 2011 8:45 pm ]
Post subject: 

neo wrote:
If you are using RBLs like spamhaus.org pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

You have to exceed 100,000 SMTP connections/day and/or 300,000 queries/day before you outgrow their free service.

Author:  graq [ Tue Apr 26, 2011 4:01 am ]
Post subject: 

vonskippy wrote:
neo wrote:
If you are using RBLs like spamhaus.org pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

You have to exceed 100,000 SMTP connections/day and/or 300,000 queries/day before you outgrow their free service.

It is a little ironic that 'all' a spammer has to do to circumvent a free service is to send even more spam. Although I guess that's more of an attack than spam.

Author:  neo [ Wed Apr 27, 2011 7:16 am ]
Post subject: 

vonskippy wrote:
neo wrote:
If you are using RBLs like spamhaus.org pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

You have to exceed 100,000 SMTP connections/day and/or 300,000 queries/day before you outgrow their free service.

OP said he receives "about 1 or 2 messages per second".

All times are UTC-04:00