> 
>> it is common for one domain to get an order of magnitude more spam
>> than another that seems just like it.  like mark said, it probably
>> won't stop.  low overhead techniques like greylisting or no listing
>> can reduce the stress on your server quite a bit.  configuring your
>> mta to close connections after X errors will help with the dictionary
>> attacks, and you can combine that with fail2ban to go even further.
>>
> 
> What I've noticed is that domains with catchall accounts are usually the 
> ones that get abused this way. MTAs that reject bad email addresses at 
> SMTP time are not what spammers like when it comes to choices of domains 
> to spam or spoof.
> 


i get the feeling that this client's previous ISP had a catch-all set up for
them, which i don't.

as for banning, i use a combination of tactics, including fail2ban. even
so, in the last 24 hours, i've gotten close to 10,000 attempts on this one
domain, which is more than all the other domains on my system combined.

one thing i've recently added is MX records pointing to
tarbaby.junkemailfilter.com at the DNS for that domain. i haven't seen any
drastic drop, but at least someone's harvesting the IPs other than me.

--option8.
-- 
View this message in context: 
http://www.nabble.com/one-domain-gets-99--of-spam-tp23628756p23635714.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
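
Added example, not part of the original message or of any poster's setup: the "close connections after X errors" / fail2ban idea from the thread, written as a sliding-window count of unknown-recipient rejections per client IP. It assumes Postfix-style smtpd reject lines (the thread does not name the MTA); the function name, the threshold of 3, the 10-minute window and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Postfix's smtpd log format (an assumption; the thread
# does not name the MTA). All addresses and IPs are documentation values.
SAMPLE_LOG = """\
May 20 10:00:01 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <adam@example.com>: Recipient address rejected: User unknown; proto=ESMTP
May 20 10:00:02 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown; proto=ESMTP
May 20 10:00:04 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <carol@example.com>: Recipient address rejected: User unknown; proto=ESMTP
May 20 10:05:00 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <jo@example.com>: Recipient address rejected: User unknown; proto=ESMTP
May 20 10:06:10 mx postfix/smtpd[415]: connect from mail.example.org[192.0.2.9]
May 20 11:30:00 mx postfix/smtpd[419]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <jon@example.com>: Recipient address rejected: User unknown; proto=ESMTP
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]*)>")

def dictionary_attackers(log_text, max_rejects=3,
                         window=timedelta(minutes=10), year=2009):
    """Return {ip: sorted unknown recipients} for clients that reach
    max_rejects unknown-recipient rejections inside one sliding window."""
    recent = defaultdict(deque)   # ip -> reject timestamps still in the window
    tried = defaultdict(set)      # ip -> every unknown recipient it probed
    flagged = set()
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue              # connects, accepted mail, other rejects
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, q = m["ip"], recent[m["ip"]]
        q.append(ts)
        tried[ip].add(m["rcpt"].lower())
        while ts - q[0] > window:
            q.popleft()           # drop rejects that aged out of the window
        if len(q) >= max_rejects:
            flagged.add(ip)       # candidate for a ban or connection drop
    return {ip: sorted(tried[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, rcpts in dictionary_attackers(SAMPLE_LOG).items():
        print(ip, len(rcpts), "unknown recipients:", ", ".join(rcpts))
```

The second client in the sample mistypes two addresses 85 minutes apart and stays under the default threshold, which is the case a per-window count is meant to spare.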
