Hi all,

recently, I've noticed my server runs a bit slow.
Netstat shows me I have a dozen smtp connections from a dozen adresses, from bulgaria and russia and china, I thought they try to brute force crack my smtp auth so I just iptables them away. But turns out they change addresses and they brute force guess my server's usernames:) So my james died with OutOfMemoryError, after 8GB spams in address-error directory, about 1.8 million messages, when 500 MB ram wasn't enough. FTR I did receive 38468 spams (~2%), which bayesian server & client side correctly identified as spam and stored to my junk & trash folders; I use them for statistics, want more statistics let me know.

Makes me think, james default conf is in fact insecure - spammers may DoS your server away anytime. They just bomb you with millions of messages, you never read any of them, but your server dies.

Should't default matcher class be Null for address-error?

Does database store help at all? You just get db or disk full instead of memory full, right?

BTW, AFAIK ppl use greylisting to rather sucesfully get rid of spammer's DoS. Here's how it works: spammer gets 450 service temporary unavailable and gives up, and good MTA retries after a while and delivers. Personally, I'd never use it, it only introduces unnecessary delays in mail delivery; exact delay depends on foreign MTA config, and it can be quite annoying in biz environment. Furthermore, it's just a matter of time when spammers get smarter and greylisting won't work anymore.

Regards...

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to