Hosting Provided By

RE: [OT] Seeing increase in smtp concurrency ?

From: Johnson, S <sjohnson(at)edina.k12.mn.us>
Date: Thu Sep 06 2007 - 13:37:49 EDT

It's interesting you say that.... I don't give a response (most of the time they're not there to receive it anyway and it clogs up my server with undeliverable email - especially in BIG spam attacks). I have not experienced this with my servers at all. Last week, a friend of mine that owns a very large spam filtering/relay company got hit hard with this issue.

With all this, my graphs have not budged. I'm thinking it was deliberate.

-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Thursday, September 06, 2007 11:10 AM To: Rajkumar S
Cc: users@spamassassin.apache.org
Subject: Re: [OT] Seeing increase in smtp concurrency ?

Quoting Rajkumar S <rajkumars@gmail.com>:

> Hi,
>
> Does any one seeing increasing smtp concurrency for the past couple of
> weeks? I run couple of (qmail/simscan/spamassassin) mail servers and
> all experience the same problem. The spam does not increase, but this
> is hogging my mail servers. Probably a new crop of spamming tools?
>
> I am attaching one qmail-mtrg graph that shows the problem.
>
> http://img403.imageshack.us/img403/2224/smtpmonthyq4.png
>
> raj
>

Some botnets are starting to hold mail connections open for much longer after
getting a 5xxx blacklist response. Reason is unknown; could be coding errors
or deliberate. Many people are changing their smtpd timeouts form the RFC 300
seconds down to 45 seconds:

http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx

Here's the postfix for it:

## to deal with botnets not hanging up
# Drop default from RFC limit of 300s to 45s
#

smtpd_timeout = 45s

Do you need help?
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related spamassassin.apache.org Links users Request more information about Pantek

Some people are even using 10 seconds, which seems short to me. The RFC requires 300 seconds.

Jeff C. Received on Thu Sep 6 13:38:13 2007

This message: [ Message body ]
Next message: winkerbean: "Maybe I'm dense..."
Previous message: Kris Deugau: "Re: Bayesian filtering not kicking in, but it's trained."
In reply to: Jeff Chan: "Re: [OT] Seeing increase in smtp concurrency ?"
Next in thread: Kelson: "Re: [OT] Seeing increase in smtp concurrency ?"
Reply: Kelson: "Re: [OT] Seeing increase in smtp concurrency ?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sat Oct 27 2007 - 00:18:39 EDT