On Wed, May 20, 2009 at 1:09 AM, Marc Perkel <m...@perkel.com> wrote:
>
>
> option8 wrote:
>>
>> on my small server setup, i host around 30 domains. between SA and a
>> fairly aggressive exim setup, very little spam gets through to the end
>> users. most of it doesn't even get far enough to hit my logs.
>>
>> however, one domain that i host gets constantly bombarded, and has since i
>> took it over from another ISP a few years ago. most of these connections
>> look like dictionary attacks (joe@, bill@, admin@, webmaster@, etc) or
>> backscatter/bounces.
>>
>> at first, i thought it might be an attempt at a DOS on them (or me), since
>> my traffic spiked right after i took over the domain, but it hasn't let
>> up. is there any particular reason this might be happening to just this
>> one domain?
>>
>> beyond that, is there any hope of this ever stopping? short of offloading
>> their MX to gmail or something, i feel like i may be stuck with fending
>> off a ton of spam for this one domain, while the rest only ever see a
>> trickle.
>>
>> --option8.
>>

it is common for one domain to get an order of magnitude more spam
than another that seems just like it.  like Marc said, it probably
won't stop.  low overhead techniques like greylisting or no listing
can reduce the stress on your server quite a bit.  configuring your
mta to close connections after X errors will help with the dictionary
attacks, and you can combine that with fail2ban to go even further.


>
> I have a few of those myself. And since I took over filtering it's down some
> but they still get a few hundred thousand spams a day. So - it's probably
> not going away.
>
>
>
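
An added example, not part of the original thread: the per-host counting that sits behind "close connections after X errors" and a fail2ban-style ban, run over rejected-recipient log lines. The log lines are constructed in the style of an Exim main log, and the function name, threshold and time window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on Exim main-log rejections (not from the thread).
SAMPLE_LOG = """\
2009-05-20 01:09:01 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <joe@example.org>: Unknown user
2009-05-20 01:09:02 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <bill@example.org>: Unknown user
2009-05-20 01:09:02 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <admin@example.org>: Unknown user
2009-05-20 01:09:03 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <webmaster@example.org>: Unknown user
2009-05-20 01:09:04 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <info@example.org>: Unknown user
2009-05-20 01:15:30 H=(smtp.example.com) [198.51.100.7] F=<c@example.com> rejected RCPT <jon@example.org>: Unknown user
2009-05-20 02:00:00 H=(relay.example.edu) [203.0.113.5] F=<> rejected RCPT <sales@example.org>: Unknown user
2009-05-20 04:00:00 H=(relay.example.edu) [203.0.113.5] F=<> rejected RCPT <support@example.org>: Unknown user
2009-05-20 06:00:00 H=(relay.example.edu) [203.0.113.5] F=<> rejected RCPT <jobs@example.org>: Unknown user
2009-05-20 08:00:00 H=(relay.example.edu) [203.0.113.5] F=<> rejected RCPT <press@example.org>: Unknown user
2009-05-20 08:01:00 <= d@example.com H=(smtp.example.com) [198.51.100.7] P=esmtp S=2048
"""

REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*? rejected RCPT <(?P<rcpt>[^>]*)>"
)

def find_offenders(log_text, max_rejects=3, window=timedelta(minutes=10)):
    """Map each IP to its peak count of distinct rejected recipients inside
    one sliding window, keeping only IPs whose peak exceeds max_rejects."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:  # accepted-mail lines and anything else are ignored
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    offenders = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in hits[start:end + 1]}
            if len(distinct) > max_rejects:
                offenders[ip] = max(offenders.get(ip, 0), len(distinct))
    return offenders

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

Counting distinct recipients inside a time window keeps a single mistyped address, or a slow trickle of bounces from one relay, from being treated like a dictionary run.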
