Aaron Wolfe wrote:
On Wed, May 20, 2009 at 1:09 AM, Marc Perkel <m...@perkel.com> wrote:
option8 wrote:
on my small server setup, i host around 30 domains. between SA and a fairly
aggressive exim setup, very little spam gets through to the end users. most
of it doesn't even get far enough to hit my logs.

however, one domain that i host gets constantly bombarded, and has since i
took it over from another ISP a few years ago. most of these connections
look like dictionary attacks (joe@, bill@, admin@, webmaster@, etc) or
backscatter/bounces.

at first, i thought it might be an attempt at a DOS on them (or me), since
my traffic spiked right after i took over the domain, but it hasn't let up.
is there any particular reason this might be happening to just this one
domain?

beyond that, is there any hope of this ever stopping? short of offloading
their MX to gmail or something, i feel like i may be stuck with fending off
a ton of spam for this one domain, while the rest only ever see a trickle.

--option8.


it is common for one domain to get an order of magnitude more spam
than another that seems just like it.  like mark said, it probably
won't stop.  low overhead techniques like greylisting or no listing
can reduce the stress on your server quite a bit.  configuring your
mta to close connections after X errors will help with the dictionary
attacks, and you can combine that with fail2ban to go even further.



What I've noticed is that domains with catchall accounts are usually the ones that get abused this way. MTAs that reject bad email addresses at SMTP time are not what spammers like when it comes to choices of domains to spam or spoof.
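
The two suggestions in this thread (cutting off hosts after X errors, and rejecting bad addresses at SMTP time) both surface as rejected-recipient entries in the MTA log. The following is an added example, not code from any poster in the thread: it counts distinct rejected recipients per client IP to pick out dictionary-attack sources that a tool such as fail2ban could then block. The log lines are constructed and modelled on Exim's `rejected RCPT` entries; the exact format, the threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on Exim "rejected RCPT" log entries
# (assumed format; IPs are documentation ranges, domains are example.*).
SAMPLE_LOG = """\
2009-05-20 01:09:01 H=(mx.example.net) [192.0.2.10] F=<> rejected RCPT <joe@example.com>: Unrouteable address
2009-05-20 01:09:01 H=(mx.example.net) [192.0.2.10] F=<> rejected RCPT <bill@example.com>: Unrouteable address
2009-05-20 01:09:02 H=(mx.example.net) [192.0.2.10] F=<> rejected RCPT <admin@example.com>: Unrouteable address
2009-05-20 01:09:02 H=(mx.example.net) [192.0.2.10] F=<> rejected RCPT <webmaster@example.com>: Unrouteable address
2009-05-20 01:09:03 H=(mx.example.net) [192.0.2.10] F=<> rejected RCPT <info@example.com>: Unrouteable address
2009-05-20 01:12:40 H=mail.example.org [198.51.100.7] F=<ann@example.org> rejected RCPT <typo@example.com>: Unrouteable address
2009-05-20 01:42:40 H=mail.example.org [198.51.100.7] F=<ann@example.org> rejected RCPT <typo@example.com>: Unrouteable address
2009-05-20 02:00:00 H=(relay) [203.0.113.5] rejected RCPT <sales@example.com>: Unrouteable address
2009-05-20 02:01:00 1M6abc-0001Xy-2B <= bob@example.org H=mail.example.org [198.51.100.7] P=esmtp S=1234
"""

REJECT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "   # timestamp
    r"H=.*?\[(?P<ip>[0-9a-fA-F.:]+)\].*? "      # client host and IP
    r"rejected RCPT <(?P<rcpt>[^>]*)>"          # refused recipient
)

def failed_recipients_by_host(log_text):
    """Map each client IP to the set of distinct recipients it had rejected."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            hosts[m.group("ip")].add(m.group("rcpt").lower())
    return hosts

def dictionary_attack_sources(log_text, max_failures=3):
    """Return IPs that tried more than max_failures distinct bad recipients.

    Counting distinct addresses (not raw rejections) keeps a legitimate
    sender retrying one mistyped address from being flagged.
    """
    hosts = failed_recipients_by_host(log_text)
    return sorted(ip for ip, rcpts in hosts.items() if len(rcpts) > max_failures)

if __name__ == "__main__":
    for ip in dictionary_attack_sources(SAMPLE_LOG):
        print(ip)
```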
