BenV
04-07-2005, 11:54 AM
I am having a huge spam problem and need a couple more heads if you can lend yours...
I have a server running qmail and some of Bruce's stuff setup similar to FQ. One particular domain on this server has a catchall that pipes (via dot-qmail) to a perl script that determines delivery (or not). This has been working great for years and I get 1-2 spams a day that make it to my inbox.
Here's the problem -- this domain used to get over 10,000 spam a month when I monitored it more closely last year. No real biggie. But I noticed some intermittent sluggishness on the server recently and tracked it down to my script consuming resources. As it turns out, that domain has been getting over 20,000 PER DAY on average over the last few months. In the 5 days following Easter it received 181,000 emails per day.
Now that's just crazy!
So I decided to implement the spamhaus RBL in the hopes of buffering the server a bit. Here's the pertinent line in my run file:
exec /usr/local/bin/softlimit -m 5000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org \
/usr/bin/smtpfront-qmail 2>&1
It still seems to be letting in about 50% of the spam -- up from about 90% in the first few days. It's my understanding that (in it's default configuration) if rblsmtpd times out waiting for spamhaus, it lets the email through which makes sense to me.
In any case, does anyone have any insight into how I can increase the amount it blocks? -- in the last 6 days, my perl script still blocked about 60,000 emails per day.
BenV
I have a server running qmail and some of Bruce's stuff setup similar to FQ. One particular domain on this server has a catchall that pipes (via dot-qmail) to a perl script that determines delivery (or not). This has been working great for years and I get 1-2 spams a day that make it to my inbox.
Here's the problem -- this domain used to get over 10,000 spam a month when I monitored it more closely last year. No real biggie. But I noticed some intermittent sluggishness on the server recently and tracked it down to my script consuming resources. As it turns out, that domain has been getting over 20,000 PER DAY on average over the last few months. In the 5 days following Easter it received 181,000 emails per day.
Now that's just crazy!
So I decided to implement the spamhaus RBL in the hopes of buffering the server a bit. Here's the pertinent line in my run file:
exec /usr/local/bin/softlimit -m 5000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org \
/usr/bin/smtpfront-qmail 2>&1
It still seems to be letting in about 50% of the spam -- up from about 90% in the first few days. It's my understanding that (in it's default configuration) if rblsmtpd times out waiting for spamhaus, it lets the email through which makes sense to me.
In any case, does anyone have any insight into how I can increase the amount it blocks? -- in the last 6 days, my perl script still blocked about 60,000 emails per day.
BenV