1 |
On 30/11/2007, Arturo 'Buanzo' Busleiman <buanzo@××××××××××.ar> wrote: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA512 |
4 |
> |
5 |
> Randy Barlow wrote: |
6 |
> > I am getting a huge number of connections to my mail server (postfix) |
7 |
> > compared to usual. I've seen as many as 50 connections open at one |
8 |
> > time. The logs show that the connections are from several computers of |
9 |
> > varying IPs, and they are all trying to send mail to random mailboxes on |
10 |
> > my domain. It's very annoying, and I have noticed that inbound mail |
11 |
> > seems to be lagging by several hours. Is there something similar to |
12 |
> > denyhosts for spammers? Any other suggestions? |
13 |
> |
14 |
> Check those IPs against: www.robtex.com/rbl |
15 |
> Choose your favorite blacklists (test them, some of them provide too many false positives) and |
16 |
> implement with them DNSBL/RBL in your postfix. Also, SPF and greylisting make a good job. |
17 |
|
18 |
Regarding SPF, I'd just like to add that the SPF policy daemons (which |
19 |
can be integrated into postfix very easily) are available at |
20 |
http://www.openspf.org/Software. There are implementations in perl and |
21 |
python and, as luck would have it, the python version is available in |
22 |
portage as mail-filter/pypolicyd-spf. If you choose to endorse SPF |
23 |
then don't forget to define records for one's own domains! A helpful |
24 |
document describing SPF syntax can be found here: |
25 |
http://www.openspf.org/SPF_Record_Syntax. |
26 |
|
27 |
Regards, |
28 |
|
29 |
--Kerin |
30 |
-- |
31 |
gentoo-server@g.o mailing list |