FFT
asked on
Dictionnary spam attacks - spamassassin & qmail - heavy server load -
Hello,
I'm currently using a qmail/spamassin configuration on a linux debian server.
From time to time (twice a week); the load average gets very high (> 100) and the server stops responding.
Email is involved here : I've got few domains on my server that get spammed with dictionnary attacks and as you may know, qmail accepts every email by default even if the mail box doen't exist...
I should build some kind of a "before delivery mail validity check" like the ones described below to avoid qmailscanner & spamassassin to do scan time for nothing...
http://qmail.jms1.net/patches/validrcptto.cdb.shtml
http://http.netdevice.com:9080/qmail/rcptck/
http://www.interazioni.it/opensource/chkuser/support/mailing_lists.html#Support
http://www.mail-archive.com/vchkpw@inter7.com/msg22241.html
http://www.interazioni.it/opensource/chkuser/
But this is for the near future, from now on I ve got to find a quick & dirty solution to simply avoid Spamassassin to scan non existant mail boxes.
The only solution I've found so far is to use the option "all_spam_to" in the
/etc/spamassassin/local.cf
all_spam_to *@spammed_domain.tld
But it happens that Spamassassin is still making scan time here (why ?) :
Sat Apr 7 10:46:12 2007 [29263] info: spamd: clean message (-90.8/3.0) for non_existant_user@spammed_
So THE QUESTION IS :
-------------------
What would be a QUICK&EASY solution to make qmailscanner/spamassassin not doing any scan on a full domain (But still doing scan on others selected domains) ?
-------------------
For the information, my qmail system was build using the excellent Sylvestre Ledru documentation :
http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php
But as says the author in a reply for the same problem :
"Install the patch : http://www.interazioni.it/opensource/chkuser/ because each email is processed even if the user account doesn't exist (be carreful with this patch, I haven't really been able to install it with my documentation)."
(this answer was posted here : http://sylvestre.ledru.info/howto/howto_qmail_vpopmail_help.php, search for "Author : Jean (j.respen_at_wrackweb.net)
... not very engaging...
Thanks for your help
I'm currently using a qmail/spamassin configuration on a linux debian server.
From time to time (twice a week); the load average gets very high (> 100) and the server stops responding.
Email is involved here : I've got few domains on my server that get spammed with dictionnary attacks and as you may know, qmail accepts every email by default even if the mail box doen't exist...
I should build some kind of a "before delivery mail validity check" like the ones described below to avoid qmailscanner & spamassassin to do scan time for nothing...
http://qmail.jms1.net/patches/validrcptto.cdb.shtml
http://http.netdevice.com:9080/qmail/rcptck/
http://www.interazioni.it/opensource/chkuser/support/mailing_lists.html#Support
http://www.mail-archive.com/vchkpw@inter7.com/msg22241.html
http://www.interazioni.it/opensource/chkuser/
But this is for the near future, from now on I ve got to find a quick & dirty solution to simply avoid Spamassassin to scan non existant mail boxes.
The only solution I've found so far is to use the option "all_spam_to" in the
/etc/spamassassin/local.cf
all_spam_to *@spammed_domain.tld
But it happens that Spamassassin is still making scan time here (why ?) :
Sat Apr 7 10:46:12 2007 [29263] info: spamd: clean message (-90.8/3.0) for non_existant_user@spammed_
So THE QUESTION IS :
-------------------
What would be a QUICK&EASY solution to make qmailscanner/spamassassin not doing any scan on a full domain (But still doing scan on others selected domains) ?
-------------------
For the information, my qmail system was build using the excellent Sylvestre Ledru documentation :
http://sylvestre.ledru.info/howto/howto_qmail_vpopmail.php
But as says the author in a reply for the same problem :
"Install the patch : http://www.interazioni.it/opensource/chkuser/ because each email is processed even if the user account doesn't exist (be carreful with this patch, I haven't really been able to install it with my documentation)."
(this answer was posted here : http://sylvestre.ledru.info/howto/howto_qmail_vpopmail_help.php, search for "Author : Jean (j.respen_at_wrackweb.net)
... not very engaging...
Thanks for your help
Well I'm not sure how you gonna write this into your system but here's a rough idea on how to go about it. Instead of allowing your qmail to accept all incoming mails into your domain, why don't you do a mailbox validation first, then activate spamassassin on this queue instead of a direct scan. I know you can do this but how is up to you. Hope this helps.
ASKER
Hello,
thanks for you answer shivan, it seems a bit vague to me...
What I could think of is : is there a way to tell spamassassin not to treat designated domains so there would be no process *at all* involved. The spamassassin installation is global so it treats every mails passing through qmail. Remember I do not have time yet to completely reconfigure the email services on this production server, i'm just searching a quick & simple way of limiting the load average due to spammed domains... May be this is just impossible I do not know.... still waiting for help on this one... ;-)
thanks for you answer shivan, it seems a bit vague to me...
What I could think of is : is there a way to tell spamassassin not to treat designated domains so there would be no process *at all* involved. The spamassassin installation is global so it treats every mails passing through qmail. Remember I do not have time yet to completely reconfigure the email services on this production server, i'm just searching a quick & simple way of limiting the load average due to spammed domains... May be this is just impossible I do not know.... still waiting for help on this one... ;-)
I use dspam (http://dspam.nuclearelephant.com/) in conjunction with SpamAssassin as well
as rblsmtpd, which comes from DJB's ucspi package. The three in conjuction keep spam down
to an acceptable level (considering I have 3 or 4 email addresses that have been bouncing around
Usenet for 15+ years).
The relevant part of my .procmailrc:
:0fw
| /usr/local/bin/spamc
:0fw
| /usr/local/bin/dspam --user mark --deliver=innocent,spam --stdout
:0:
* ^X-Spam-Status: Yes
$HOME/Spam/
:0:
* ^.*USER_IN_WHITELIST
$HOME/Maildir/
:0:
* ^X-DSPAM-Result: spam
$HOME/Spam/
-----------------
That is, run Spamassassin, then run dspam's agent, and make sure
that dspam hasn't flagged anything in our SpamAssassin whitelist.
Works really well. The addtion of rblsmtpd cut remaining spam by about 50%.
as rblsmtpd, which comes from DJB's ucspi package. The three in conjuction keep spam down
to an acceptable level (considering I have 3 or 4 email addresses that have been bouncing around
Usenet for 15+ years).
The relevant part of my .procmailrc:
:0fw
| /usr/local/bin/spamc
:0fw
| /usr/local/bin/dspam --user mark --deliver=innocent,spam --stdout
:0:
* ^X-Spam-Status: Yes
$HOME/Spam/
:0:
* ^.*USER_IN_WHITELIST
$HOME/Maildir/
:0:
* ^X-DSPAM-Result: spam
$HOME/Spam/
-----------------
That is, run Spamassassin, then run dspam's agent, and make sure
that dspam hasn't flagged anything in our SpamAssassin whitelist.
Works really well. The addtion of rblsmtpd cut remaining spam by about 50%.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found and installed this solution two months ago :
http://qmail.jms1.net/patches/validrcptto.cdb.shtml
It reduced drastically the server load (by 500%) and I have no more spam attacks now !
Since you pointed to the right solution, you get the points !
Thanks
http://qmail.jms1.net/patches/validrcptto.cdb.shtml
It reduced drastically the server load (by 500%) and I have no more spam attacks now !
Since you pointed to the right solution, you get the points !
Thanks