Exim, Recipient Verify on Relay and Mail Server

How many of you have had dictionary/ratware attacks on your mail server that add unnecessary processing load for virus scanning or spam scoring? We get more than a thousand (on average) dictionary attacks on our mail server in an hour, and they take a lot of processor load (and even more memory!), especially since the server also scans with SpamAssassin or SA-Exim.

On Exim, if you have a relay server that does spam scoring or virus scanning, you might need a high-powered server to handle the attacks and the unnecessary scanning. Investing in a faster processor just for that is not worth it. (That is why we hate Barracuda’s vendor, who keeps asking us to upgrade to higher-end hardware which costs like >RM50k?)

To overcome the “load”, you can use a trick in Exim’s acl_smtp_rcpt/acl_check_rcpt. Let’s see how it works.

Usually most system admins use verify=recipient/callout=10s,no_cache,defer_ok, but that always makes an RCPT call to the server to check for a valid recipient, which can take a lot of connection resources. To make things easier, you can generate a list of valid recipients (since it’s your own server) and dump it into a text file, for example recipients.verified.list, in the format below:

recipient-a@exim.com.my
recipient-b@exim.com.my
recipient-c@exim.com.my

After that, in acl_check_rcpt, add this rule:

deny message = invalid recipient
     domains = +relayed_domains
     recipients = !/etc/exim/recipients.verified.list

You can put this rule before or after accept hosts = : in acl_check_rcpt. What does the rule do? Quite simply, if the recipient is not in the recipients list, Exim refuses the email and skips any further processing. Keep the file in sync with your real mailboxes, because any address missing from it is rejected too.

Hope this tip helps. Keep fighting spam ;)

P.S.: this is what we got yesterday

shell> grep 'invalid recipient' /var/log/exim/mainlog | wc -l
129794

129794 attacks / day ;) and it was Monday!
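
Going a step past the plain count above, this added example (not part of the original post) breaks the "invalid recipient" rejections down per sending host, with the number of distinct addresses each host tried, so a dictionary run stands out from a sender retrying one stale address. The log lines are constructed samples that assume Exim's usual mainlog reject layout, and the helper name and threshold are hypothetical.

```shell
#!/bin/sh
# Added example: break down "invalid recipient" rejections per sending host.
# Assumed log layout (Exim mainlog reject line):
#   DATE TIME H=(helo) [ip] F=<sender> rejected RCPT <rcpt>: invalid recipient

# rejections_by_host LOGFILE [MIN]  (hypothetical helper name)
# Prints "rejections ip distinct_recipients" for each host with at least
# MIN rejections (default 3), busiest first.
rejections_by_host() {
    awk -v min="${2:-3}" '
        /rejected RCPT/ && /: invalid recipient$/ {
            ip = ""; rcpt = ""
            for (i = 1; i <= NF; i++) {
                # Sending IP is the bracketed field; a ":port" suffix may follow.
                if (match($i, /^\[[0-9a-fA-F.:]+\]/))
                    ip = substr($i, 2, RLENGTH - 2)
                if ($i == "RCPT") rcpt = tolower($(i + 1))
            }
            if (ip == "") next
            hits[ip]++
            if (!seen[ip, rcpt]++) uniq[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip, uniq[ip]
        }' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation IP ranges, made-up senders).
sample_log() {
    cat <<'EOF'
2009-03-09 10:15:01 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <admin@exim.com.my>: invalid recipient
2009-03-09 10:15:01 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <info@exim.com.my>: invalid recipient
2009-03-09 10:15:02 H=(mail.example.net) [192.0.2.10]:51234 F=<a@example.net> rejected RCPT <sales@exim.com.my>: invalid recipient
2009-03-09 10:15:02 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <john@exim.com.my>: invalid recipient
2009-03-09 10:20:11 H=mx.example.org [198.51.100.7] F=<news@example.org> rejected RCPT <old-user@exim.com.my>: invalid recipient
2009-03-09 11:20:12 H=mx.example.org [198.51.100.7] F=<news@example.org> rejected RCPT <old-user@exim.com.my>: invalid recipient
2009-03-09 12:20:13 H=mx.example.org [198.51.100.7] F=<news@example.org> rejected RCPT <Old-User@exim.com.my>: invalid recipient
2009-03-09 12:30:00 H=(pc.example.com) [203.0.113.5] F=<bob@example.com> rejected RCPT <recipient-z@exim.com.my>: invalid recipient
2009-03-09 12:31:00 1LgXyZ-0001Ab-CD <= bob@example.com H=(pc.example.com) [203.0.113.5] P=esmtp S=2048
EOF
}

log=$(mktemp)
sample_log > "$log"
rejections_by_host "$log" 3
rm -f "$log"
```

A host with many rejections spread over many distinct recipients is the dictionary pattern; many rejections against a single address more likely means a legitimate sender with an outdated list entry, or a mailbox missing from recipients.verified.list.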
