Koozali.org formerly Contribs.org

Mail Blocking Server Functions

netdesignns

Mail Blocking Server Functions
« on: August 12, 2007, 07:10:24 AM »
Over the last 24 hours have experienced complete slowup of the server.
The problem appears to be related to SMTP mail and shutting down the service smtpfront-qmail takes the load off the server and permits access to the internet again.
Restarting smtpfront-qmail and watching the server status using the command line NETSTAT indicates that about 20-30 different external IP addresses progressively connect to the smtp server and are trying to send mail all the time taking most of the CPU time and increasing the latency delay causing all other traffic to stop.
Smtp authentication is used on the server.
The mail log files list the IP addresses that connect or try to connect and send mail to users on the system that simply don't exist.
RBLs filtering has been changed from sbl-xbl.spamhaus.org to zen.spamhaus.org but to no effect. A check of the log files indicates that RBLs filtering is minimal.
This has not happened before and with smtpfront-qmail stopped there is of course no incoming mail being received.
Am at a loss as to what to check next? Is it possible to block the listed IP addresses from the server and keep everything functioning?
At this stage a carrier pigeon would be quicker and more reliable to send mail? :cry:
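Added example (not part of the thread or of any participant's post): a shell helper for the per-address tally behind the NETSTAT observation in the opening post, counting inbound connections to local port 25 by remote IP. The sample `netstat -tn` output is constructed and uses documentation addresses only; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of Linux `netstat -tn` output (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:25           203.0.113.5:41022       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.5:41023       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.5:41030       TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.77:50112     ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.77:50113     SYN_RECV
tcp        0      0 192.0.2.10:25           198.51.100.9:33001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:33002      ESTABLISHED
tcp        0      0 192.0.2.10:51234        203.0.113.200:25        ESTABLISHED
EOF
}

# Read `netstat -tn` output on stdin and print "count remote_ip" for
# inbound connections to local port 25, busiest address first.
# Outbound mail (remote port 25) and other local ports are ignored.
smtp_conn_counts() {
    awk '$1 ~ /^tcp/ && $4 ~ /:25$/ {
             ip = $5
             sub(/:[0-9]+$/, "", ip)     # drop the remote port
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print only the remote IPs holding at least $1 SMTP connections.
smtp_heavy_hitters() {
    smtp_conn_counts | awk -v min="$1" '$1 >= min { print $2 }'
}

# Stand-alone run on the constructed sample; on a live server use:
#   netstat -tn | smtp_conn_counts
sample_netstat | smtp_conn_counts
```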

raem
Re: Mail Blocking Server Functions
« Reply #1 on: August 12, 2007, 11:10:01 AM »
...

netdesignns

Mail Blocking Server Functions
« Reply #2 on: August 13, 2007, 04:37:00 PM »
Thanks Ray for the tips.
Have implemented the Reject on bad HELO and it is showing up in the log.
Implemented the Concurrency changes but bit hard to determine the change. Was going to implement delete doublebounce but the link in the article was broken. Dug around on the forums but could not find a reference to the rpm. RBL filtering has gone up with the change to zen.spamhaus.org so am gradually taming it and hopefully when I get the iptables and masq sorted out on the other post it should be a further improvement. Am still puzzled as to why I am being swamped with this stuff after relative peace for months?

raem
Re: Mail Blocking Server Functions
« Reply #3 on: August 13, 2007, 05:01:11 PM »
netdesignns

Quote
Was going to implement delete doublebounce but the link in the article was broken. Dug around on the forums but could not find a reference to the rpm.

You need to search around a little more creatively.

Things have changed! Just replace www.contribs.org with mirror.contribs.org in all those links shown in the howto.

Try this
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/double%20bounce%20message%20deletion%20HOWTO%20for%20sme%20server.htm

Look here for the dungog sme6 rpms
The doublebounce is there and the mail blocking is there.
http://sme.dungog.net/packages/smeserver/6.0/i386/html/index_dungog.html

Add more RBL lists than just the zen.spamhaus.org one, see current recommendations for a default sme7.2 which you can use on sme6
http://wiki.contribs.org/Updating_to_SME_7.2#DNSBL_Servers

The spamassassin change mentioned in my howto might be the more important one if all that mail is killing your server.

I say it again though, you REALLY SHOULD upgrade to sme7. You are living dangerously to keep using sme6.

All the features that you are asking for to block hosts are configurable by db commands in sme 7, so easy.

RBL, spam & virus filtering are all much better and there is greater rejection of errant emails for various technical reasons (using qpsmtpd with various plugins).
...