On Fri Feb 29, 2008 at 20:08:41 -0000, Vic wrote:
> > Normally when I build an email server I have a recipient accept list, that
> > is, any name not on the list gets bounced by Postfix, and thus NOT
> > processed by SpamAssassin etc. If this was in place on Monday, there would
> > not have been a DoS as it was only 11,000 spams during the day, which I
> > consider not too bad.
>
> There is a school of thought that says that's the way to do it - if you
> reject by bad addresses first, you leak your valid address list to
> spammers. But I don't subscribe to that - check for valid recipients
> first, or your load goes through the roof...

I think it is obvious that dropping bad mail should be done as
soon as it is possible to do so, precisely to avoid becoming a victim
of a DoS.

Right now I'm running a spam filtering service and the general
order of tests is:

1. Connecting IP or hostname based rejection.
2. HELO tests.
3. Early talker tests.
4. Valid user tests.
...
...
anti-virus test
anti-spam test

(After testing I discovered that testing for viruses was faster
than testing for spam. Having said that, I'm only seeing .4% viral
mail, so it might make sense to reverse the order - that way I don't
invoke ClamAV at all for spam mail.)

Current volume of mail is in the region of 200,000 messages a
day and I think if I didn't do the username testing early I'd not
be able to handle that much without much more load.

Steve
--
http://mail-scanning.com/
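
The ordering question raised in the message above can be put in numbers; the following is an added example, not part of the original post or the poster's code. It generalizes to any chain of reject-early tests: when tests are independent, the cheapest order runs them by ascending cost divided by reject rate. Every cost and reject rate below is a constructed assumption except the 0.4% virus rate and the 200,000 messages/day volume, which come from the post.

```python
from itertools import permutations

# name: (relative cost per message, fraction of mail reaching the test that it rejects).
# Constructed figures: only the 0.4% virus rate is taken from the post.
TESTS = {
    "client_ip":    (0.01, 0.50),
    "helo":         (0.01, 0.20),
    "early_talker": (0.01, 0.10),
    "valid_user":   (0.05, 0.40),
    "antivirus":    (1.00, 0.004),
    "antispam":     (3.00, 0.70),
}
POSTED_ORDER = list(TESTS)  # the order given in the post


def expected_cost(order, tests=TESTS):
    """Mean cost per message when a rejection stops all later tests."""
    cost, reaching = 0.0, 1.0
    for name in order:
        test_cost, reject_rate = tests[name]
        cost += reaching * test_cost      # only surviving mail pays for this test
        reaching *= 1.0 - reject_rate
    return cost


def best_order(tests=TESTS):
    """Cheapest order for independent tests: ascending cost / reject rate."""
    return sorted(tests, key=lambda n: tests[n][0] / tests[n][1])


def cheapest_by_search(tests=TESTS):
    """Brute-force check of best_order() over every permutation."""
    return min(expected_cost(p, tests) for p in permutations(tests))


if __name__ == "__main__":
    per_day = 200_000  # daily volume quoted in the post
    no_user_check = [t for t in POSTED_ORDER if t != "valid_user"]
    for label, order in [("posted order", POSTED_ORDER),
                         ("spam before virus", best_order()),
                         ("no valid-user test", no_user_check)]:
        print(f"{label:20s} {expected_cost(order) * per_day:10.0f} cost units/day")
```

With these assumed figures the scanner that is faster per message still belongs last, because it rejects so little of what reaches it.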