My client is recieving 10,000+ spam emails an hour. The host is getting very upset and is threatening to close the account.

I was thinking of offloading the email to gMail or similar. However, that would have to be setup by an email forward so the initial server would still get hit?

Theres no other way around it is there?

set the email to send an auto reply to every email so the motherf***ers get hit back?

that would only increase load, and the emails would most likely be comming from a comprised machine.

gfi spam protection worked well for me but that sort of load you may need to intercept it at your ISP.

What is the mail server setup?

I don't really get why the host would be getting upset, if its just a regular hosting company? Its just regular incoming traffic.

The only way you can effectively stop it is to change the mail DNS records (MX records) for your domain - that'll stop the mail getting delivered to that server (or change the DNS record for the mail server so it goes to a different IP).

Surf Control / Spam Assassin combo is working pretty well for us.

As trog said if you want to stop the spam coming now you'll need to change the MX record for you domain, that'll stop the mail coming to that server.

But it also means your client won't get normal emails either. Trouble with spam control is that you'll still receive the email traffic eventhough your spam software will bounce them eventually. A longer term solution is to put the spam scanner server in your MX record, get it to bounce all the spam before they enter your network, then only forward the "clean" emails to your users to your internal mail server. But that'll cost money and time to setup....

Have they got many mailboxes? Might be worth investing in a product like PostINI that will intercept the spam before it gets to your ISP.

10,000 spam emails isn't a huge amount per hour for a large ISP, Tell them to take a spoonful of concrete and harden the f*** up.

Also they can try reading http://www.postfix.org/uce.html

It's postfix specific, but has a lot of handy hints and tricks for mail service providers to cull out spam.

^^^ Yeah Postini looks pretty promising esp. now that Google bought them.

we use postini across nearly a thousand mailboxes, it's brilliant!

Awesome

they had one mailbox with catch all. we turned this off of course. they run spam assaign too. the host is getting upset cause its shared hosting, and causing problems on the board.

i was thinking about mx records, but need another host (paid for i guess) to collect. i was thinking of a way to filter through gMail or similar. but i guess you cant point the mx records at gmail?

10.000 thats insane.

i was thinking about mx records, but need another host (paid for i guess) to collect. i was thinking of a way to filter through gMail or similar. but i guess you cant point the mx records at gmail?

Technically you "can" point your MX to any SMTP server but, of course that "any server" may not (and in reality will not) allow open relying for anything other its own domain. This means that all emails to mydomain.com will bounce if you point your MX record to gmail.com.

If you set up another account on a different server/ISP/network that will do all the mail stuff for you i.e. sanitise your emails, then either set up forwarding to your current SMTP server or get your email clients to fetch mail directly from the new server.

If you were going to setup a new server, I'd suggest looking at PostINI because from what I've read (briefly) you only have to change your MX and point that to one of their servers and bam all done. Of course you'll have to pay for it but then you'll have to pay for it anyway if you were going to setup a new server. This way you know all the SPAMs will get dealt with properly etc and you won't get charge for network usage.

Good luck.

Postini looks good, might implement it myself

How do they work it out mailbox wise, from what I can see you sign up and say er I have 20 mailboxes, here is my MX

How do they work it out, etc ???

Stinky ?

they had one mailbox with catch all. we turned this off of course.

wouldn't this just increase the traffic? there'll be user not found bounces, which will try and bounce back to same fake sender which in turn will bounce again back to you. and it might not stop there, depending on the mta's being used.

catching all will just mean spams come in (as they already would) and get delivered - end of story.

Postini looks good, might implement it myself

How do they work it out mailbox wise, from what I can see you sign up and say er I have 20 mailboxes, here is my MX

How do they work it out, etc ???

Stinky ?

You can provide a list of valid email addresses, or it can work it out by the number of emails sent to a specific address, then you confirm a list of them. I think it can also connect to your AD and get a list that way too if you're willing to allow that sort of access.

Any mailboxes that aren't in the list get passed through untested.

wouldn't this just increase the traffic? there'll be user not found bounces, which will try and bounce back to same fake sender which in turn will bounce again back to you. and it might not stop there, depending on the mta's being used.

Edit opps just re-read what you said Jim - stoOpid me


last edited by Opec at 12:44:35 13/Feb/08

oh yeah and I typed 'same fake sender' but I meant 'some fake sender'

Ohhh ok cool

10.000 thats insane.

We have an email box that recieves around 20k a day... not bad for a single virtual domino server with 1000+ mailboxes on it (sits around 4000 transactions per minute).

The easiest solution for your case would probably be to contract out your spam filtering to someone like postini.

thanks guys. found a mail filter reasonably priced. however, the host is shared and cant accpet emails from only 1 ip, so it might not work.

That could be a problem mooby, a lot of spam ignores MX records and goes directly to the mail server. If you can't block everything but the spam filter then you'll still have some slip through the cracks, probably not nearly as much though.