[webmasterworld.com...]
said that my server was getting 30,000 spam emails a day.
Three years on I'm still getting the spam - but now only an average of 20,000 a day.
re: mail is being sent to nonexistent recipients aaaaaa@mysiteexample.com alexis200022222@mysiteexample.com alibaba27273y173y127y@mysiteexample.com etc.
Well it's three years since I wrote that thread and since that time the server has received something like 22 million spam messages.
Is it possible to put a $ figure on that? In server resources, bandwidth, power usage? How many nanowatts/hr would a single message use up?
I am using SBLs now and none of that spam gets through anyway due to not using a catchall. I would have thought that the emails would have expired over time but this is clearly not the case.
Can someone check these log files to ensure that the right thing is being done?
blocked by xbl lookup
-------------------------
Sep 25 21:44:20 mydomain postfix/smtpd[#*$!]: NOQUEUE: reject: RCPT from unknown[123.24.nnn.nnn]: 554 5.7.1 Service unavailable; Client host [123.24.nnn.nnn] blocked using xbl.spamhaus.org; h t t p: // w w w.spamhaus.org/query/bl?ip=123.24.nnn.nnn; from=<grogginesszg2795@#*$!#*$!xx.com> to=<ayumi-o2@mysiteexample proto=ESMTP helo=<CQPVCIDZUR>
-------------------------
blocked due to no local recipient
-------------------------
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: warning: 90.198.#*$!.#*$!.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=90.198.#*$!.#*$!.list.dsbl.org type=A: Host not found, try again
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: NOQUEUE: reject: RCPT from unknown[190.166.#*$!.#*$!]: 550 5.1.1 <ayucel2@mysiteexample>: Recipient address rejected: User unknown in local recipient table; from=<ayucel2@mysiteexample> to=<ayucel2@mysiteexample> proto=ESMTP helo=<#*$!.#*$!.190.x.#*$!.#*$!.net.do>
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: lost connection after RCPT from unknown[190.166.#*$!.#*$!]
Sep 25 21:59:49 mydomain postfix/smtpd[#*$!]: disconnect from unknown[190.166.#*$!.#*$!]
-------------------------
The server is low traffic in general.
I was just wondering if the logfiles are showing that the blocking method is efficient, i.e. it's blocking at the right stage and sending the right signal back.
I was also wondering why the emails had not dried up. You would think that the botnet controllers would change the list every few months but this is not the case.
ayucel2 at mydomain has been sent for four years now. Why hasn't the botnet dropped it?
If you can afford it, use Google domain tools email service. Most of the SPAM will be taken care of by Google and you will get almost spam-free email.
I know this is a real solution, seems like running away from the real problem. But still, this is an option for you.
Log analysis is most fruitful in assembling SPAM complaints based on net-blocks to their owners. Many times the headers are forged, making the results of these efforts more academic than evidence-worthy.
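An added example, not written by any poster in this thread: a Python tally of Postfix smtpd rejections like the ones quoted above, reporting the SMTP stage, reply code and reason of each pre-queue reject, plus DNSBL zones whose lookups fail. The sample lines are constructed with documentation addresses, and the 450 line and all function names are assumptions that go beyond the thread's two excerpts.

```python
import re
from collections import Counter

# Constructed sample lines in the same Postfix smtpd format as the thread's
# excerpts (documentation IPs and example domains, not real data).
SAMPLE_LOG = """\
Sep 25 21:44:20 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using xbl.spamhaus.org; from=<a@sender.example> to=<aaaaaa@example.com> proto=ESMTP helo=<CQPVCIDZUR>
Sep 25 21:59:49 mx postfix/smtpd[2102]: warning: 20.2.0.192.list.dsbl.org: RBL lookup error: Host or domain name not found. Name service error for name=20.2.0.192.list.dsbl.org type=A: Host not found, try again
Sep 25 21:59:49 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[192.0.2.20]: 550 5.1.1 <ayucel2@example.com>: Recipient address rejected: User unknown in local recipient table; from=<ayucel2@example.com> to=<ayucel2@example.com> proto=ESMTP helo=<host.example.net>
Sep 25 22:03:11 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<b@sender.example> to=<info@example.com> proto=ESMTP helo=<x>
"""

# NOQUEUE means the message was refused before it was ever queued.
REJECT = re.compile(
    r"NOQUEUE: reject: (?P<stage>\w+) from \S+\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*?); from=")
RBL_ERR = re.compile(r"warning: (?P<name>\S+): RBL lookup error")
DNSBL_ZONE = re.compile(r"blocked using ([\w.-]+)")


def classify(text):
    """Map the free-text part of a reject line to a coarse reason."""
    zone = DNSBL_ZONE.search(text)
    if zone:
        return "dnsbl:" + zone.group(1)
    if "User unknown" in text:
        return "unknown_recipient"
    return "other"


def analyse(log_text):
    """Return (rejects by stage/code/reason, failing DNSBL zones, 4xx count)."""
    rejects, broken_zones, tempfails = Counter(), Counter(), 0
    for line in log_text.splitlines():
        err = RBL_ERR.search(line)
        if err:
            # Drop the four reversed IPv4 octets to leave the zone name.
            broken_zones[err["name"].split(".", 4)[-1]] += 1
            continue
        m = REJECT.search(line)
        if m:
            rejects[(m["stage"], m["code"], classify(m["text"]))] += 1
            tempfails += m["code"].startswith("4")  # 4xx: sender will retry
    return rejects, broken_zones, tempfails


if __name__ == "__main__":
    for name, value in zip(("rejects", "failing zones", "4xx"), analyse(SAMPLE_LOG)):
        print(name, dict(value) if isinstance(value, Counter) else value)
```

A zone that shows up under failing lookups costs a DNS query per connection without ever blocking anything, and a high 4xx count means senders are being told to retry rather than give up.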