Hi !!
>> from my experience in similar situations what helped in
>> having the situation under control was examining the logs to
>> find common patterns (helo, sender addresses, recipients,
>> etc ...) and then build new acl rules to reject those attempts
>> as fast as possible, if possible avoiding dns and/or database
>> lookups and callouts.
>
> DNS for sure, and RBL sometimes, are faster than you might think.
not fast enough to survive a massive virus attack, at least
not in my case, but that's just my experience and it does not
mean that it must be good in all situations.
>> with "deny local_parts = fred:mary:.." without having to
>> do a "verify = recipient" (which will take more cpu)
>
> Surely you jest?
yes.
> Putting multi-brazillons of dictionary-created non-existent local parts into
> *any of* an acl (hard-wired) or as a lookup of a local flat file, db/cdb file,
> or SQL RDBMS is simply not on, admin-wise and gets slower as it grows.
stop. i'm talking about commonly used names, not random names.
If you get thousands of emails for mary@yourdomain and you don't have
such an address, "deny local_parts = mary" is very much faster than
"verify = recipient", that's why the first thing that i said is that
one should examine logs and find common patterns.
On the other hand, such randomly generated addresses could be
caught by a regex just testing for many consecutive consonants (just one
more than the maximum number of consecutive consonants from your user
with the most consecutive consonants), that will catch a lot of them.
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
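
The consonant-run heuristic described in the message above, as an added example that is not part of the original post: it derives the threshold from the site's real local parts and builds the regex from it. The function names, the user list and the sample recipients are constructed for illustration, and treating 'y' as a consonant is an assumption.

```python
import re

VOWELS = set("aeiou")  # assumption: 'y' is counted as a consonant


def longest_consonant_run(local_part):
    """Length of the longest run of consecutive ASCII consonants."""
    longest = current = 0
    for ch in local_part.lower():
        if ch.isascii() and ch.isalpha() and ch not in VOWELS:
            current += 1
            longest = max(longest, current)
        else:
            current = 0  # vowels, digits and punctuation break the run
    return longest


def build_reject_pattern(valid_local_parts):
    """Threshold = one more than the worst real user, as the post suggests."""
    if not valid_local_parts:
        raise ValueError("need at least one real local part to set a threshold")
    threshold = max(longest_consonant_run(lp) for lp in valid_local_parts) + 1
    # Same consonant set as above, written as a character class (includes y).
    pattern = re.compile(r"[b-df-hj-np-tv-z]{%d,}" % threshold, re.IGNORECASE)
    return threshold, pattern


def classify(rcpt_local_parts, valid_local_parts):
    """Split recipients into (rejected, passed) using the derived pattern."""
    threshold, pattern = build_reject_pattern(valid_local_parts)
    rejected = [lp for lp in rcpt_local_parts if pattern.search(lp)]
    passed = [lp for lp in rcpt_local_parts if not pattern.search(lp)]
    return threshold, rejected, passed


# Constructed data: real mailboxes on the site and RCPT local parts from a log.
VALID_USERS = ["fred", "david", "postmaster", "schmidt", "christine"]
SAMPLE_RCPTS = ["mary", "xkqzwtp", "bvnmrtqa", "info", "jhgfdsl99", "schmidt"]

if __name__ == "__main__":
    threshold, rejected, passed = classify(SAMPLE_RCPTS, VALID_USERS)
    print("threshold:", threshold)
    print("rejected:", rejected)
    print("passed to further checks:", passed)
```

A dictionary name such as "mary" passes this test, which is why the post pairs it with an explicit list of commonly abused names found in the logs.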