[Exim] How to deal with 10 fold increase in mail traffic

Author: Sujit Choudhury
Date:  
To: exim-users
Subject: [Exim] How to deal with 10 fold increase in mail traffic
We are noticing the following in the last 5 days:
1. Spammers sending e-mails from various addresses to various addresses
with the sender's address as XYZ@???. XYZ is a random
string.
2. The bounce messages from those addresses come to us, which then go
through the virus checker and spamassassin (we are using exiscan with
exim). Finally, our MTA cannot deliver the mails, and tries to bounce
the mail.
3. The system is coming to a grinding halt.
4. We have done the following:
smtp_accept_max = 200
smtp_accept_reserve = 50
smtp_load_reserve = 20.0
smtp_reserve_hosts = 161.74.0.0/16

We only use spamd (spamassassin) for external mails, and only if they
are less than 20KB.

Is there anything we can do to survive this attack?

We have been thinking of using smtp_ratelimit_hosts and
deliver_queue_load_max to reduce the load.

Any suggestion will be gratefully accepted.


Regards

Sujit
-----------------------------------
Sujit Choudhury
ISLS
University of Westminster
115 New Cavendish Street, London
E-Mail: S.Choudhury@???
Tel No: 020 - 7911 5000 Ext 3851
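
One way to measure the pattern described in points 1 to 3 from the Exim main log, as an added example that is not part of the original message: it counts null-sender arrivals (bounces) whose recipient then failed delivery, and which relays handed them over. The log lines are constructed, the `summarize` function and its field names are hypothetical, and the standard Exim 4 main-log layout is assumed.

```python
import re
from collections import Counter

# Constructed sample in the Exim 4 main-log layout (not taken from the post).
# "<= <>" is an arrival with a null envelope sender, i.e. a bounce;
# "**" is a failed delivery, "=>" a successful one.
SAMPLE_LOG = """\
2004-02-10 10:00:01 1AqXyZ-0001aB-00 <= <> H=mx.example.net [192.0.2.10] P=esmtp S=3456
2004-02-10 10:00:02 1AqXyZ-0001aC-00 <= <> H=mail.example.org [192.0.2.20] P=esmtp S=2981
2004-02-10 10:00:03 1AqXyZ-0001aD-00 <= alice@example.com H=mx.example.com [192.0.2.30] P=esmtp S=1200
2004-02-10 10:00:04 1AqXyZ-0001aD-00 => staff1 <staff1@example.ac.uk> R=localuser T=local_delivery
2004-02-10 10:00:05 1AqXyZ-0001aE-00 <= <> H=mx.example.net [192.0.2.10] P=esmtp S=3100
2004-02-10 10:00:06 1AqXyZ-0001aE-00 => staff2 <staff2@example.ac.uk> R=localuser T=local_delivery
2004-02-10 10:00:09 1AqXyZ-0001aB-00 ** qwkzpt@example.ac.uk: Unrouteable address
2004-02-10 10:00:11 1AqXyZ-0001aC-00 ** hhgrwl@example.ac.uk: Unrouteable address
"""

LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|\*\*|==) (?P<addr>\S+)")
RELAY_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def summarize(log_text):
    """Count bounces that arrived for addresses we could not deliver to."""
    arrivals = null_sender = 0
    bounce_relay = {}      # message id -> IP that handed us the bounce
    dead_addresses = []    # failed recipients of null-sender messages
    relays = Counter()     # relay IP -> undeliverable bounces it sent
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["flag"] == "<=":
            arrivals += 1
            if m["addr"] == "<>":
                null_sender += 1
                ip = RELAY_IP.search(line)
                bounce_relay[m["id"]] = ip.group(1) if ip else "local"
        elif m["flag"] == "**" and m["id"] in bounce_relay:
            # A bounce addressed to a local part that does not exist here.
            dead_addresses.append(m["addr"].rstrip(":"))
            relays[bounce_relay[m["id"]]] += 1
    return {"arrivals": arrivals, "null_sender": null_sender,
            "dead_addresses": dead_addresses, "relays": dict(relays)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high ratio of `dead_addresses` to `arrivals` indicates that most of the load is bounces for forged local parts rather than ordinary mail.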