Need advice on new mailserver and spam

[Paul Howarth]

Bob Brennan wrote:
> I've been called in to solve some massive email problems in a company
> that has about 30 employees and an external mailserver. They receive
> on average about 100 legitimate emails per day and 3000+ spams plus
> the usual virus and worm attacks.
> 
> I am of course recommending FC with Sendmail, Procmail, SpamAssasin
> and ClamAV on an inhouse mailserver, all of which I've had experience
> and spectacular results with.
> 
> Their spam problem, IMHO, comes from the mailserver they currently use
> accepting all non-mailbox email into a postmaster at domain.com account
> which has a quota of 1000 emails, which then sends over-quota
> rejection notices to senders for all @domain.com incoming; effectively
> shutting down all incoming email. My theory is that the reject notices
> are taken as replies by spambots and encourages even more spam.
> Short-term measures include emptying postmaster@ every 10 minutes and
> filtering for valid mis-addressed emails, but even with that the
> volume of incoming spam seriously slows down the service.
> 
> My question is - long term - is it better to set up the mailserver to
> reject all non-mailbox emails to cut down on the incoming processing
> load; or to filter and bit-bucket the spam in the hopes that the
> volume will decrease over time with no responses to the spam? Or any
> other techniques any of you are using for such problems?
> 
> Thanks in advance for opinions/suggestions,

I would definitely advocate not having a catch-all mailbox, which I 
guess is what you mean by non-mailbox mail. It's a magnet for spammers 
doing dictionary attacks, and they do do this as I've seen it on my own 
server.

Any rejections should of course be done at SMTP level rather than doing 
an accept-then-bounce arrangement, which only results in backscatter and 
actually contributing even further to the Internet-wide spam problem.

Paul.

I predict with 99% certainly that Scott H. will advise you to use 
greylisting too :-)