Re: [exim] Troddle incoming queue?

Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Troddle incoming queue?
Michelle Konzack wrote:
> Hello,
>
> I am using "courier-imap" and currently the appropriated "courier-mta".
>
> Now I am searching for a solution for incoming messages since sometimes
> my server is hit very hard through incoming batches of several 1000
> messages at once for a SINGLE E-Mail!
>
> Since all messages are spam filtered and I must process the incoming
> messages in procmail, from time to time I get heavy loads where the
> server is nearly not more responsible.
>
> Q:  Since I have no real experience with "exim" I like to know,  whether
>     it is possible to configure "exim" to accept messages AFTER  checking
>     <zen.spamhaus.org> (60% of the spam is blocked here) and then queue
>     it and pass only all X seconds a message to the local account  where
>     the actual filtering is done via procmail recipes?
>
> Q: Can anyone help me to create a simple exim config for my server?
>
> Thanks, Greetings and nice Day
>     Michelle Konzack
>     Systemadministrator
>     24V Electronic Engineer
>     Tamay Dogan Network
>     Debian GNU/Linux Consultant


courier-mta is quite capable of stopping that sort of flood 'upfront'
and in its tracks (AFAIK, so can sendmail and postfix..)

So, too Exim.

But 'simple' is relative.

Having used both, I prefer Exim for its ability to craft the most
complex, dare I say downright *devious*, rulesets imaginable.

Sam doesn't make that quite as easy in courier-mta.

OTOH, one of the reasons is that he is a stickler for strict adherence
to RFCs and makes it a bit harder for you to do deviously non-compliant
or even *stupid* things.

So it may be as simple as toggling a couple of already-present
courier-mta config options.

Before you rip an(y) otherwise-functioning MTA out in favor of an(y)
other one, you might be well served to take a closer look at the
capabilities of the one you have.

You'll be wanting to reject 'at smtp time' i.e. during the connection
session, and well *before* you get as far as procmail or maildrop.

Hint:

Odds are that the 'identical message' and/or 'same recipient' flood you
are experiencing is coming from an infected WinBoxen 'farm'.

And that NONE of them have a PTR RR. Or any other DNS entry that matches
their source IP. Or HELO FQDN.

Courier-mta has a Big Fine Hammer to swat those, just as Exim does.

RBL lookups optional.

HTH,

Bill Hacker
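
The SMTP-time rejection described in the reply above (no PTR RR, no DNS entry matching the source IP, unverifiable HELO name, optional RBL), written as an Exim ACL fragment. This is an added example, not configuration posted by anyone in the thread; it assumes the `relay_from_hosts` host list and `local_domains` domain list are defined as in Exim's stock configuration file, and the ACL name `acl_check_rcpt` is likewise an assumption.

```exim
# Main configuration section: run this ACL for every RCPT command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Local (non-TCP) submissions, trusted relay hosts and authenticated
  # clients skip the DNS-based checks below.
  accept  hosts         = : +relay_from_hosts
  accept  authenticated = *

  # Reject when the connecting IP has no PTR record, or the PTR name
  # does not resolve back to that IP.
  deny    message       = No matching reverse DNS for $sender_host_address
          !verify       = reverse_host_lookup

  # Reject when the HELO/EHLO name cannot be tied to the connecting IP.
  deny    message       = HELO name $sender_helo_name does not match $sender_host_address
          !verify       = helo

  # Optional RBL lookup, using the list named in the question.
  deny    message       = $sender_host_address is listed at $dnslist_domain
          dnslists      = zen.spamhaus.org

  # Accept verified local recipients; everything else is a relay attempt.
  accept  domains       = +local_domains
          verify        = recipient

  deny    message       = relay not permitted
```

All three denials happen during the SMTP session, so a rejected message never reaches the queue or procmail. Changing `deny` to `warn` and `message` to `log_message` for a trial period shows in the main log which legitimate senders the reverse-DNS and HELO checks would have refused.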