Monday, April 9th, 2007

Spammers ought to be shot

Last night I had the idea that it would be nice to log in to one of my servers (beastie.thefraggle.com) and grab a look at the squid configuration I wrote a while back to load balance my website. There was a slight problem with that, however: the server was inaccessible.

I’ve now found out that, thanks to spammers, exim was using up so much system resource that the server had started swapping, and even running out of swap space!

It really isn’t a great sight seeing lots of messages like this in your syslog logs and dmesg output:

swap_pager_getswapspace(3): failed
pid 77565 (exim-4.66-0), uid 0, was killed: out of swap space

It appears from the sheer volume of mail that got frozen in my queue and rejected that whoever has decided to target my mailserver was either attempting to bring my mailserver down, or to use me (unsuccessfully) as a relay. The latter seems the most likely, so I decided that I had to block even more stuff with DNS blocklists.

Now, I had disabled DNS blacklisting a while back, as I didn’t think it was being too effective, and I didn’t like the idea of relying on a 3rd party’s opinion of what is a spam host and what isn’t; however, needs must and so on, so I had to enable the following on my exim MTA:

deny dnslists = bl.spamcop.net : \
sbl-xbl.spamhaus.org : \
dnsbl.sorbs.net : \
rbl.efnet.org : \
dsn.rfc-ignorant.org/$sender_address_domain : \
postmaster.rfc-ignorant.org/$sender_address_domain

I’ve also decided to deny anything that doesn’t present the correct rDNS or even have one:

deny
message = Reverse DNS lookup failed for host $sender_host_address.
!verify = reverse_host_lookup

This will probably catch a hell of a lot of rubbish, but at the same time it may catch some legit mail. Really though, if people can’t be bothered to set up their mailserver to tell us what their real rDNS is, or to even set up a rDNS in the first place, then why should I want to accept mail from them?

This seemed to stem the deluge of mail. The only problem, however, is that the time it now takes for my MTA to respond has shot up, thanks to it having to do multiple DNS checks. Does anyone else get this problem, or are there any decent tweaks I can make to the mail environment to stop this being a problem? I’m considering enabling a local caching nameserver on the box, but feel that it could be adding yet another layer of complexity.
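To make the two deny rules above and the latency point concrete, here is an added example (not from the original post or from exim itself) that models what the MTA has to do for each connecting host: a reversed-octet DNSBL lookup per zone, a forward-confirmed reverse DNS check like exim's verify = reverse_host_lookup, and a small TTL cache in front of the resolver to show how a local caching nameserver cuts the number of upstream queries on repeat connections. All DNS data, zone names and addresses are constructed stubs (documentation ranges, *.example and *.invalid names); nothing is looked up on the network.

```python
import ipaddress
import time
from typing import Callable, Dict, List, Optional, Tuple

# Constructed stub DNS answers standing in for a real resolver.
# Keys are query names; values are the records a resolver would return.
STUB_DNS: Dict[str, List[str]] = {
    # 192.0.2.10 is listed by the constructed zone bl.example.invalid
    "10.2.0.192.bl.example.invalid": ["127.0.0.2"],
    # PTR records for some connecting hosts
    "10.2.0.192.in-addr.arpa": ["mail.spammer.example"],
    "20.2.0.192.in-addr.arpa": ["mx.good.example"],
    "40.2.0.192.in-addr.arpa": ["ghost.example"],
    # Forward records: only mx.good.example points back at its own address
    "mx.good.example": ["192.0.2.20"],
    "mail.spammer.example": ["198.51.100.7"],
    "ghost.example": ["203.0.113.9"],
}

# Constructed DNSBL zones (hypothetical names, not real lists)
ZONES: List[str] = ["bl.example.invalid", "xbl.example.invalid"]

Resolver = Callable[[str], List[str]]


def stub_resolve(name: str) -> List[str]:
    """Offline resolver: answer from STUB_DNS; an empty list means NXDOMAIN."""
    return STUB_DNS.get(name, [])


def reversed_octets(ip: str) -> str:
    """192.0.2.10 -> 10.2.0.192 (validates the address on the way)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name a DNSBL client queries for ip in zone, e.g. 10.2.0.192.bl.example.invalid."""
    return reversed_octets(ip) + "." + zone


def ptr_query_name(ip: str) -> str:
    return reversed_octets(ip) + ".in-addr.arpa"


def dnsbl_listed(ip: str, zones: List[str], resolve: Resolver) -> Optional[str]:
    """Return the first zone that lists ip (an answer in 127.0.0.0/8), else None."""
    for zone in zones:
        if any(a.startswith("127.") for a in resolve(dnsbl_query_name(ip, zone))):
            return zone
    return None


def reverse_lookup_verified(ip: str, resolve: Resolver) -> bool:
    """Forward-confirmed rDNS: a PTR name must exist and resolve back to ip."""
    for name in resolve(ptr_query_name(ip)):
        if ip in resolve(name):
            return True
    return False


class CachingResolver:
    """TTL cache in front of an upstream resolver; counts upstream queries."""

    def __init__(self, upstream: Resolver, ttl: float = 300.0):
        self.upstream = upstream
        self.ttl = ttl
        self.cache: Dict[str, Tuple[float, List[str]]] = {}
        self.upstream_queries = 0

    def __call__(self, name: str) -> List[str]:
        now = time.monotonic()
        hit = self.cache.get(name)
        if hit is not None and hit[0] > now:
            return hit[1]
        self.upstream_queries += 1
        answers = self.upstream(name)
        self.cache[name] = (now + self.ttl, answers)
        return answers


def acl_decision(ip: str, zones: List[str], resolve: Resolver) -> str:
    """Mirror the post's two deny rules: DNSBL hit first, then rDNS failure, else accept."""
    zone = dnsbl_listed(ip, zones, resolve)
    if zone:
        return f"deny: {ip} listed in {zone}"
    if not reverse_lookup_verified(ip, resolve):
        return f"deny: Reverse DNS lookup failed for host {ip}."
    return "accept"


if __name__ == "__main__":
    cached = CachingResolver(stub_resolve)
    for host in ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.20"]:
        print(host, "->", acl_decision(host, ZONES, cached))
    print("upstream queries:", cached.upstream_queries)
```

Run as a script it prints one decision per host; the second connection from 192.0.2.20 adds no upstream queries because all four names it needs (two DNSBL names, the PTR and the forward record) are already cached. The DNSBL check is ordered first because a listed host is rejected after a single query, whereas the rDNS check always costs two.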

So for now, the spammers can’t use my MTA. The next step, I assume, is having a look at what I can do to implement some kind of greylisting in exim. Any suggestions?


Filed under Linux by Chris Ganderton at 12:53.
