Author: Craig Jackson Date: To: lists CC: schimmer, exim-users Subject: Re: [Exim] Rumplestiltskin attacks anyway to combat them?
On Wed, 30 Jun 2004 11:47:14 -0500
"lists" <lists@???> wrote:
>
> Nice idea but the spammer just trashed my box last night by overloading SA
> to the point of panic. It seem that they were pumping something thru that
> killed clamd and then ate spamassassin for lunch I had 108 copies of spamd
> running with each take a ton of memory. I have tons of reports of to many
> connection right before everything went to hell. The box was luckly behind
> a firewall with only port 25 open to it. I guess the Rumplestiltskin attack
> were attempt to feel me out or something.
>
> So till I can get something backup there that will not die on me I am
> running with just clamd on my main server with no bastion box infront of
> exim 4.31 exiscan and clam
>
I have a serious recommendation. Thanks to Andy Rabagliati (see his prior recent post) and those he relied upon, I have been able to implement greylisting. It is a life saver. Place it in the acl section before clamav and before spamassassin. It'll save your email server. 100% of spam is gone. The near-spam like newsletters is caught by Dspam. Also I tested Dspam vs Spamassassin with 2000 30 kb emails at 2 per second. The Exim-Spamassassin queue had to hold much more than the Dspam queue. And CPU utilization was at 10% with SA vs 40-50% under Dspam. I was reluctant to recompile Exim with Mysql because it already does Ldap lookups, but it is worth it.
