I've been called in to solve some massive email problems in a company that has about 30 employees and an external mailserver. They receive on average about 100 legitimate emails per day and 3000+ spams plus the usual virus and worm attacks.
I am of course recommending FC with Sendmail, Procmail, SpamAssasin and ClamAV on an inhouse mailserver, all of which I've had experience and spectacular results with.
Their spam problem, IMHO, comes from the mailserver they currently use accepting all non-mailbox email into a postmaster@xxxxxxxxxx account which has a quota of 1000 emails, which then sends over-quota rejection notices to senders for all @domain.com incoming; effectively shutting down all incoming email. My theory is that the reject notices are taken as replies by spambots and encourages even more spam. Short-term measures include emptying postmaster@ every 10 minutes and filtering for valid mis-addressed emails, but even with that the volume of incoming spam seriously slows down the service.
My question is - long term - is it better to set up the mailserver to reject all non-mailbox emails to cut down on the incoming processing load; or to filter and bit-bucket the spam in the hopes that the volume will decrease over time with no responses to the spam? Or any other techniques any of you are using for such problems?
Thanks in advance for opinions/suggestions,
I would definitely advocate not having a catch-all mailbox, which I guess is what you mean by non-mailbox mail. It's a magnet for spammers doing dictionary attacks, and they do do this as I've seen it on my own server.
Any rejections should of course be done at SMTP level rather than doing an accept-then-bounce arrangement, which only results in backscatter and actually contributing even further to the Internet-wide spam problem.
Paul.
I predict with 99% certainly that Scott H. will advise you to use greylisting too :-)
