Postfix Sluggish
Paul Howarth
paul at city-fan.org
Fri Nov 4 17:56:09 UTC 2005
Ki Song wrote:
>>From: Paul Howarth <paul at city-fan.org>
>>Ki Song wrote:
>>
>>>One reason why the maillog is so huge is because all the messages that are
>>>trying to be sent to this domain (knifecenter.com) that are the target of
>>>spam ... basically, they are sending to any and all potential names in the
>>>knifecenter domain ... for example, a particular server tries to send a
>>>message (probably spam) to: a at knifecenter.com, then aa at knifecenter.com, then
>>>ab at knifecenter.com, then ac at knifecenter.com, etc.
>>>
>>>The maillog contains all the rejected messages because those addresses do
>>>not exist. How do I continue to reject the messages to erroneous addresses
>>>without showing it in the maillog?
>>
>>You don't. You firewall off the server that's doing the dictionary
>>attack and then your mail server will never see the connections from it,
>>hence no logging.
>
>
> Isn't that just putting a "bandaid" on the problem ... I mean, isn't the
> list of IP addresses that I firewall off eventually going to be too big to
> manage?

That may depend on how many different sites attempt dictionary attacks
on your server. I wouldn't expect it to be that large a list really,
unless someone's particularly trying to reach *your* users.

> If the above isn't true, is there a central location that people can get a
> hold of that has a list of "bad IP" addresses? Similar to Spamassassin's
> list?

Not that I know of, but you could take an approach like that of
"denyhosts", which scans log files for ssh attacks and blocks the
offending IPs.
Paul.
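
The log-scanning approach suggested above, applied to Postfix recipient rejects, as an added example (not part of the original post and not denyhosts code). It assumes the usual Postfix "User unknown" reject line format; the function name, the threshold of 3 and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd reject line for a nonexistent recipient (assumed format). The
# enhanced status code (e.g. 5.1.1) is optional: older releases do not log it.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: 550 (?:\d\.\d\.\d )?"
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown"
)

def dictionary_attackers(lines, threshold=3):
    """Map client IP -> number of distinct unknown recipients it tried,
    keeping only clients that reached the threshold (hypothetical default)."""
    tried = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            # Count distinct addresses, so one retried typo is not an attack.
            tried[m["ip"]].add(m["rcpt"].lower())
    return {ip: len(r) for ip, r in tried.items() if len(r) >= threshold}

# Constructed sample log lines (documentation IP ranges, not real log data).
SAMPLE_LOG = """\
Nov  4 12:00:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <a@knifecenter.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<a@knifecenter.com> proto=SMTP helo=<example.net>
Nov  4 12:00:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aa@knifecenter.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<aa@knifecenter.com> proto=SMTP helo=<example.net>
Nov  4 12:00:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <ab@knifecenter.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<ab@knifecenter.com> proto=SMTP helo=<example.net>
Nov  4 12:00:04 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <ac@knifecenter.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.net> to=<ac@knifecenter.com> proto=SMTP helo=<example.net>
Nov  4 12:05:10 mail postfix/smtpd[2103]: connect from mail.example.org[198.51.100.7]
Nov  4 12:05:11 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 <jon@knifecenter.com>: Recipient address rejected: User unknown in local recipient table; from=<bob@example.org> to=<jon@knifecenter.com> proto=SMTP helo=<mail.example.org>
""".splitlines()

if __name__ == "__main__":
    # Print candidate addresses for review before adding them to a firewall.
    for ip, count in sorted(dictionary_attackers(SAMPLE_LOG).items()):
        print(f"{ip}\t{count} unknown recipients")
```

Counting distinct recipients per client keeps a legitimate sender with a single mistyped address off the list.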