
Re: [suse-security] Postfix Backscatter



Hi,

Uwe Debacher wrote:

it is a standard SuSE9.1 system only with real (Linux) users.

okay then.


the hardware memory/processor should be good enough. PC Hardware
(500MByte/5000bogomips) and the WAN connectivity is about 5MBit.

So around 2,4GHZ CPU, should do well, maybe it's the WAN (using
100MBit here).


Backends? Spamassassin/amavis? Today (which is 12 hours now)

i am using amavis/antivir but because there is no mail-body there is no
activity of amavis

okay.


we got over 32000 Mailconnects and tons of rejects, too.
During a wave of spam last month we had around 160.000 rejected
mails per day without any problem. So there may be a bottleneck

this is what i am searching for

I'm pretty sure you can do more if you tweak some things etc..


somewhere else. Possible problems: database lookups, too many
RBL lists, PCRE/REGEXP header, body or mime checks etc. or

one of my first actions was to stop the usage of RBL lists

Well, you need to change the setup a bit, check how many lists
you're using, how fast they respond and probably install a local
DNS cache to cache the answers of domain lookups etc. (makes
it a bit faster)


maybe bad hardware. If possible a post of postconf -n would

i attached the output, but i cut the domain/host information

That should be okay then ;)


strict_rfc821_envelopes = no

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
why? do you use broken software somewhere? if not, change to
yes ;)

transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450

huh? that's bad, change / delete it from your main.cf
normally it's 550, your setting will tell all MXes that try to deliver
mail to your domains that unknown users are 'temporary', thus they'll
try to deliver the mail every x mins instead of dropping the mail.

Regards,
Sven


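The check discussed in this reply, as an added example that is not part of the original thread: a small audit of `postconf -n` output that flags reply codes which make remote MXes retry mail for unknown recipients. The function names are hypothetical, and the three other `unknown_*_reject_code` parameters and `soft_bounce` go beyond what the thread mentions.

```python
import re

# Recipient-validation reply codes in Postfix; each defaults to 550 (permanent).
RECIPIENT_REJECT_CODES = (
    "unknown_local_recipient_reject_code",
    "unknown_relay_recipient_reject_code",
    "unknown_virtual_alias_reject_code",
    "unknown_virtual_mailbox_reject_code",
)

# Constructed sample: the three settings quoted in the thread, one per line.
SAMPLE = """\
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
"""

def parse_postconf(text):
    """Turn `postconf -n` output ("name = value" per line) into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params

def audit(params):
    """Return (parameter, value, reason) tuples for settings worth reviewing."""
    findings = []
    for name in RECIPIENT_REJECT_CODES:
        code = params.get(name)  # absent from `postconf -n` means the 550 default
        if code is not None and not re.fullmatch(r"5\d\d", code):
            findings.append((name, code,
                             "unknown recipients get a non-permanent reply; use 550"))
    if params.get("soft_bounce", "no").lower() == "yes":
        findings.append(("soft_bounce", "yes", "5xx replies are sent as 4xx"))
    strict = params.get("strict_rfc821_envelopes", "no").lower()
    if strict != "yes":
        findings.append(("strict_rfc821_envelopes", strict,
                         "envelope addresses not in RFC 821 form are accepted"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(parse_postconf(SAMPLE)):
        print(f"{name} = {value}: {reason}")
```

On a live system the input would be the output of `postconf -n` instead of the constructed sample.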