So over the last month I've been having a huge increase in the amount
of simultaneous smtp connections - I had exim set to 30 a couple
months ago and today I'm at 200 and still running out.
I started dropping (fail2ban w/ iptables) ip addresses which issue
more than 5 invalid rcpt's, which is about 100 an hour.
So I'm considering using a dynamic IP address blacklist at the MTA
level, which is something I've never really wanted to do. But I think
the scale is starting to tip
I already use all the blacklists as part of spamassassin, but I want
to stop these bots sooner.
Does anyone here use the PBL? Are there other better options for
dynamic IPs? Any other solutions to the bot flooding? Note that the
level of spam making it through hasn't increased - all those messages
do get caught.
Thanks.
Received on Thu Oct 4 09:24:42 2007
This archive was generated by hypermail 2.1.8 : Thu Oct 04 2007 - 09:24:47 CST