[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] RaQXTR - Help! Being spammed into next week

Subject: Re: [cobalt-users] RaQXTR - Help! Being spammed into next week
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Sun Dec 8 09:23:01 2002
Organization: Befriend Internet Services LLC
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

"Tim Skipper" <mailinglists@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> One of the domains on my XTR is being spammed into oblivion - it brought
> the whole server down about 2am this morning.  I've now removed the
> catchall address for the domain in question so none of the mail is being
> stored now, but obviously it's still hammering the CPU and my bandwidth.

Tim, in that case the email isn't being received by your mail server so
bandwidth used as a result is minimal (the emails don't get sent to your
server in this scenaro before being rejected) and the effect on the CPU
should be minimal too.  If that's not the case please provide some details
about memory usage and running processes.

> The maillog just shows "...no such user here" for 99.9% of the mail,
> unless they hit a live account.  It's being going literally continuously
> with thousands and thousands of mails being sent for well over 24 hours
> now.

Can you quantify the rate a little better?  Are you seeing 10,000 emails per
day or 500,000?  Though these emails are obviously unwanted and were filling
up someone's mail spool and your logs, I can't imagine it having a
detrimental effect on the server unless it's a *huge* number of emails.  I
say that based on experience dealing with servers receiving large amounts of
unwanted email (hundreds of thousands to several million per day).

> Is there anything I can do, short of switching mail off at server level
> (not an option with so many paying customers and other domains on it) to
> minimise the impact?

If the source of the emails are consistent you can block them through the
GUI or directly in /etc/mail./access.  And you can contact the owner of the
machine sending the email or their ISP.  And implementing blacklists or
antispam software will be effective if the emails are sent from open relays,
are detected as spam or match any of the criteria for whatever solutions you
implement.  Or a procmail rule for the catchall account that filters emails
that aren't to addresses listed in a specific file to a special IMAP folder.
There are many options.  Really depends on how you want to handle it.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

Follow-Ups:
- RE: [cobalt-users] RaQXTR - Help! Being spammed into next week
  - From: Tim Skipper

References:
- [cobalt-users] RaQXTR - Help! Being spammed into next week
  - From: Tim Skipper

Prev by Date: RE: [cobalt-users] severe raq4 problem - unknown HD space ??
Next by Date: RE: [cobalt-users] severe raq4 problem - unknown HD space ??
Previous by thread: [cobalt-users] RaQXTR - Help! Being spammed into next week
Next by thread: RE: [cobalt-users] RaQXTR - Help! Being spammed into next week

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index