tolinrome
asked on
SPAM Filtering
One of my clients is a medium-sized business and has been experiencing a large increase of SPAM in the last couple of weeks. They are using a Barracuda SPAM Firewall 300 and it blocks about 50,000 SPAM per day and allows about 800 a day of legit email.
The Firewall device that was sitting in front of the Barracuda was so flooded with all these incoming SMTP requests that RDP and other remote access into our LAN was sporadic, and if someone did get in they would eventually get disconnected. We replaced the current Firewall device with a larger, more efficient and robust Firewall device and noticed that the remote connections were much more stable, but the amount of SPAM of course is the same.
The problem/question actually is: how can I divert all this SPAM coming to the Firewall? Our ISP doesn't support SPAM filtering either.
Thanks!
See if the device supports real time blacklisting (RTBL)
ASKER
We already have 2 blacklists set up on it.
ASKER CERTIFIED SOLUTION
We use bl.spamcop.net and combined.njabl.org RBLs.
combined.njabl.org has now been taken over by Spamhaus but you can still use the mirror, and at some point in the future it will be disabled. If you have configured the Spamhaus RBL then I would recommend that you remove it and replace it with this one and at least get you back up and running better while you look into getting a Spamhaus data feed.
bl.spamcop.net is another good RBL. I analysed all the spam coming into us and the top 3 RBLs that matched spam were:-
njabl
spamcop
sorbs
We implemented the first two in our MTA to cut out the majority of spam and let mailscanner process the rest.
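The connect-time RBL check described in this answer, as an added example (not code from the thread or from any MTA): it builds the reversed-address query name, counts only 127.0.0.0/8 answers as listings, and rejects before any message data is accepted. The function names, the resolver stub and the sample DNS answers are constructed for illustration so the block runs offline.

```python
import ipaddress
import socket

# Zones named in the answer above; whether a zone is still served is not assumed.
ZONES = ("bl.spamcop.net", "combined.njabl.org")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed address labels + zone (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_client(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: [return codes]} for every zone that lists the client IP."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # By convention only 127.0.0.0/8 answers mean "listed"; ignore anything else.
        codes = [a for a in answers if a.startswith("127.")]
        if codes:
            hits[zone] = codes
    return hits

def smtp_verdict(ip, zones=ZONES, resolve=system_resolver):
    """Decide at connect time, before the sender transmits the message body."""
    hits = check_client(ip, zones, resolve)
    if hits:
        return "554 5.7.1 Client host %s blocked using %s" % (ip, ", ".join(sorted(hits)))
    return "220 ready"

# Constructed sample data: a stub resolver standing in for DNS.
SAMPLE_DNS = {"99.2.0.192.bl.spamcop.net": ["127.0.0.2"],
              "7.2.0.192.combined.njabl.org": ["203.0.113.10"]}
def fake_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for client in ("192.0.2.99", "192.0.2.7", "198.51.100.5"):
        print(client, "->", smtp_verdict(client, resolve=fake_resolver))
```

The second sample client shows why the return code is checked: a zone that answers with a non-loopback address is not treated as a listing, which matters when a list is retired or its domain changes hands.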
ASKER
Even if I follow your good advice, won't the spam still be flooding the line? The problem isn't that the SPAM isn't being blocked, it's just that the overwhelming amount of SPAM is flooding the connection.
It will help, as more emails will be rejected earlier on, saving bandwidth and CPU time processing the full email later.
The domain that you have probably has the mail server specified as a priority of, say, 10 in the DNS.
You could add a couple of fake entries of priority 5 and 20 pointing to machines which don't exist. A lot of bots which send spam will only try and connect to the lowest MX entry (primary mail server) and others always try the highest, as backup mail servers often don't have spam protection. Using this trick should reduce the number of spams you receive but at the cost of a longer mail delivery time.
SOLUTION
You might want to reroute your MX records to a service that removes all the spam (or at least most of it) before actually sending it to your mailserver. www.spamstopshere.com is a good service.
ASKER
Thanks a lot. I like both ideas and will implement the accepted one right away.