I've inherited a botnet target
in [Postfix]
|
From: brian on 26 May 2010 15:34 On 10-05-26 03:24 PM, Ansgar Wiechers wrote: > On 2010-05-26 Ralf Hildebrandt wrote: >> Shouldn'T you use at least ONE RBL? > > Probably wouldn't hurt, but unless he's trying to fight off spam sent to > valid users (which according to his description doesn't seem to be the > case) he could go without as well. Correct. The SPAM problem is not directed at legitimate accounts (yet). All of these rejections are for fictitious accounts under the .com domain. I don't want to accept anything at all for that domain. However, I must keep the domain pointed at this new server in order to catch web traffic and redirect it. b
From: brian on 26 May 2010 15:35 On 10-05-26 03:31 PM, Matt Hayes wrote: > > I wonder if using something like postscreen from the 2.8-snapshots would > help to curtail some of the resource usage. > Thanks, I'll check it out. However, I'd feel more optimistic about it if it was named prescreen ;-)
From: Matt Hayes on 26 May 2010 15:42 On 5/26/2010 3:35 PM, brian wrote: > On 10-05-26 03:31 PM, Matt Hayes wrote: >> >> I wonder if using something like postscreen from the 2.8-snapshots would >> help to curtail some of the resource usage. >> > > Thanks, I'll check it out. However, I'd feel more optimistic about it if > it was named prescreen ;-) > Here's a link with some info on it: http://www.postfix.org/postscreen.8.html If you look in the ChangeLogs for the latest snapshot of 2.8, Wietse outlines in there how to get it enabled. It works quite well on my box. -Matt
From: Ansgar Wiechers on 26 May 2010 15:43 On 2010-05-26 brian wrote: > On 10-05-26 03:24 PM, Ansgar Wiechers wrote: >> On 2010-05-26 Ralf Hildebrandt wrote: >>> Shouldn'T you use at least ONE RBL? >> >> Probably wouldn't hurt, but unless he's trying to fight off spam sent >> to valid users (which according to his description doesn't seem to be >> the case) he could go without as well. > > Correct. The SPAM problem is not directed at legitimate accounts > (yet). All of these rejections are for fictitious accounts under the > .com domain. I don't want to accept anything at all for that domain. > However, I must keep the domain pointed at this new server in order to > catch web traffic and redirect it. So all of the rejected mails are for example.com, but you now use example.org instead? Your first mail sounded like there were arbitrary destination domains, not just the .com domain you want to move away from. If you don't need to accept any mail for example.com, you may want to remove the MX record(s) for that domain (in case you haven't done that already). Redirecting web traffic will work just fine without them. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
From: brian on 26 May 2010 15:50
On 10-05-26 03:43 PM, Ansgar Wiechers wrote: > On 2010-05-26 brian wrote: >> On 10-05-26 03:24 PM, Ansgar Wiechers wrote: >>> On 2010-05-26 Ralf Hildebrandt wrote: >>>> Shouldn'T you use at least ONE RBL? >>> >>> Probably wouldn't hurt, but unless he's trying to fight off spam sent >>> to valid users (which according to his description doesn't seem to be >>> the case) he could go without as well. >> >> Correct. The SPAM problem is not directed at legitimate accounts >> (yet). All of these rejections are for fictitious accounts under the >> .com domain. I don't want to accept anything at all for that domain. >> However, I must keep the domain pointed at this new server in order to >> catch web traffic and redirect it. > > So all of the rejected mails are for example.com, but you now use > example.org instead? Your first mail sounded like there were arbitrary > destination domains, not just the .com domain you want to move away > from. > > If you don't need to accept any mail for example.com, you may want to > remove the MX record(s) for that domain (in case you haven't done that > already). Redirecting web traffic will work just fine without them. Right, this was a forehead-slapper for me a couple of hours ago. But then I realised that I'd already explicitly removed the MX for the .com domain weeks ago when first setting up the new server. There's only the A records, CN, and NS. I can't figure that out. b |