Postfix Sluggish

Paul Howarth paul at city-fan.org
Fri Nov 4 17:56:09 UTC 2005


Ki Song wrote:
>>From: Paul Howarth <paul at city-fan.org>
>>Ki Song wrote:
>>
>>>One reason why the maillog is so huge is because all the messages that are
>>>trying to be sent to this domain (knifecenter.com) that are the target of
>>>spam ... basically, they are sending to any and all potential names in the
>>>knifecenter domain ... for example, a particular server tries to send a
>>>message (probably spam) to: a at knifecenter.com, then aa at knifecenter.com, then
>>>ab at knifecenter.com, then ac at knifecenter.com, etc.
>>>
>>>The maillog contains all the rejected messages because those addresses do
>>>not exist. How do I continue to reject the messages to erroneous addresses
>>>without showing it in the maillog?
>>
>>You don't. You firewall off the server that's doing the dictionary
>>attack and then your mail server will never see the connections from it,
>>hence no logging.
> 
> 
> Isn't that just putting a "bandaid" on the problem ... I mean, isn't the
> list of IP addresses that I firewall off eventually going to be too big to
> manage?

That may depend on how many different sites attempt dictionary attacks 
on your server. I wouldn't expect it to be that large a list really, 
unless someone's particularly trying to reach *your* users.

> If the above isn't true, is there a central location that people can get a
> hold of that has a list of "bad ip" addresses? Similar to Spamassassin's
> list?

Not that I know of, but you could take an approach like that of 
"denyhosts", which scans log files for ssh attacks and blocks the 
offending IPs.

Paul.
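
The denyhosts-style log scan suggested above, applied to Postfix recipient rejections, as an added example that is not part of the original message and is not denyhosts code. It assumes the usual Postfix smtpd "NOQUEUE: reject ... User unknown" log line; the function name, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd rejection of a nonexistent recipient, with or without an
# enhanced status code (e.g. "550 <a@...>" or "550 5.1.1 <a@...>").
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"55\d (?:\d\.\d\.\d )?<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)

def find_dictionary_attackers(lines, min_unknown=5):
    """Return {client_ip: n} for clients rejected for at least
    min_unknown *distinct* unknown recipients (hypothetical threshold)."""
    seen = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            # Count distinct addresses so one retried typo does not add up.
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: len(r) for ip, r in seen.items() if len(r) >= min_unknown}

def _reject(ip, rcpt):
    # Builds a constructed sample log line in Postfix's reject format.
    return (f"Nov  4 17:50:01 mail postfix/smtpd[2041]: NOQUEUE: reject: "
            f"RCPT from unknown[{ip}]: 550 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@example.net> "
            f"to=<{rcpt}> proto=SMTP helo=<host>")

# Constructed sample: one client walking a name list, one client with a
# single repeated typo, and one unrelated log line.
SAMPLE_LOG = (
    [_reject("192.0.2.10", f"{name}@example.com")
     for name in ("a", "aa", "ab", "ac", "ad", "ae")]
    + [_reject("198.51.100.7", "jhon@example.com")] * 3
    + ["Nov  4 17:50:09 mail postfix/smtpd[2041]: connect from "
       "mx.example.org[203.0.113.5]"]
)

if __name__ == "__main__":
    # Candidates for a firewall block list, worst offender first.
    hits = find_dictionary_attackers(SAMPLE_LOG)
    for ip, count in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{count} distinct unknown recipients")
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender who retries one mistyped address off the list.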



