option8 wrote:

it is common for one domain to get an order of magnitude more spam
than another that seems just like it.  like mark said, it probably
won't stop.  low overhead techniques like greylisting or no listing
can reduce the stress on your server quite a bit.  configuring your
mta to close connections after X errors will help with the dictionary
attacks, and you can combine that with fail2ban to go even further.

What I've noticed is that domains with catchall accounts are usually the ones that get abused this way. MTAs that reject bad email addresses at SMTP time are not what spammers like when it comes to choices of domains to spam or spoof.



i get the feeling that this client's previous ISP had a catch-all set up for
them, which i don't.

as for banning, i use a combination of tactics, including fail2ban. even
so, in the last 24 hours, i've gotten close to 10,000 attempts on this one
domain, which is more than all the other domains on my system combined.

one thing i've recently added is MX records pointing to
tarbaby.junkemailfilter.com at the DNS for that domain. i haven't seen any
drastic drop, but at least someone's harvesting the IPs other than me.

--option8.

Thanks for the tarbaby feed. If you use the hostkarma.junkemailfilter.com black list it will work better for you because it's harvesting your data from the high spam domain. If you use that list to block you can reduce your system load.
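
The "cut clients off after X errors, then ban them" approach discussed in this thread, sketched as an added example (not code from any poster, and not fail2ban's own implementation): it counts unknown-recipient rejections per client IP inside a sliding window. The log format, function name and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (not any specific MTA's output).
SAMPLE_LOG = """\
2024-05-01T10:00:00 reject ip=198.51.100.20 rcpt=<jon@example.org> reason=unknown-user
2024-05-01T10:00:00 reject ip=192.0.2.9 rcpt=<admin@example.org> reason=unknown-user
2024-05-01T10:00:01 reject ip=203.0.113.7 rcpt=<aaron@example.org> reason=unknown-user
2024-05-01T10:00:02 reject ip=203.0.113.7 rcpt=<abby@example.org> reason=unknown-user
2024-05-01T10:00:03 accept ip=198.51.100.20 rcpt=<john@example.org>
2024-05-01T10:00:04 reject ip=203.0.113.7 rcpt=<adam@example.org> reason=unknown-user
2024-05-01T10:00:05 reject ip=203.0.113.7 rcpt=<alan@example.org> reason=unknown-user
2024-05-01T10:05:00 reject ip=192.0.2.9 rcpt=<info@example.org> reason=unknown-user
2024-05-01T10:11:00 reject ip=192.0.2.9 rcpt=<sales@example.org> reason=unknown-user
2024-05-01T10:12:00 reject ip=192.0.2.9 rcpt=<test@example.org> reason=unknown-user
2024-05-01T10:30:00 reject ip=198.51.100.20 rcpt=<jhon@example.org> reason=unknown-user
"""

# Only rejections for nonexistent recipients count toward a ban.
LINE_RE = re.compile(r"^(\S+) reject ip=(\S+) rcpt=<[^>]*> reason=unknown-user$")

def find_dictionary_attackers(log_text, max_retry=3,
                              find_time=timedelta(minutes=10)):
    """Return {ip: ban_time} for IPs that hit max_retry unknown-user
    rejections within find_time (a sliding window, as fail2ban-style
    tools use)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # accepted mail and other lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned:
            continue              # already banned; later hits add nothing
        window = recent[ip]
        window.append(ts)
        # Drop rejections that have aged out of the window.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_dictionary_attackers(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when.isoformat()})")
```

The sender at 198.51.100.20 mistypes an address twice, thirty minutes apart, and is never banned; 192.0.2.9 is banned only once three rejections fall inside the same ten-minute window.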
