Hi all,
recently, I've noticed my server runs a bit slow.
Netstat shows me I have a dozen smtp connections from a dozen adresses,
from bulgaria and russia and china, I thought they try to brute force
crack my smtp auth so I just iptables them away.
But turns out they change addresses and they brute force guess my
server's usernames:)
So my james died with OutOfMemoryError, after 8GB spams in address-error
directory, about 1.8 million messages, when 500 MB ram wasn't enough.
FTR I did receive 38468 spams (~2%), which bayesian server & client side
correctly identified as spam and stored to my junk & trash folders; I
use them for statistics, want more statistics let me know.
Makes me think, james default conf is in fact insecure - spammers may
DoS your server away anytime. They just bomb you with millions of
messages, you never read any of them, but your server dies.
Should't default matcher class be Null for address-error?
Does database store help at all? You just get db or disk full instead of
memory full, right?
BTW, AFAIK ppl use greylisting to rather sucesfully get rid of spammer's
DoS. Here's how it works: spammer gets 450 service temporary unavailable
and gives up, and good MTA retries after a while and delivers.
Personally, I'd never use it, it only introduces unnecessary delays in
mail delivery; exact delay depends on foreign MTA config, and it can be
quite annoying in biz environment. Furthermore, it's just a matter of
time when spammers get smarter and greylisting won't work anymore.
Regards...
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
