Wed, 01 Nov 2006
Spam, spam, spam
It seems that the total volume of spam has increased radically during the last month. My own spambox is bigger than before - the previous spambox had 770MB and 56k messages, the current one has over a gigabyte and 71k messages (we rotate spamboxes on 10th each month, so the current one will probably be about 50% bigger than it is now). So it would be an increase in spam almost by factor of two in the last month. I am getting more than 3500 spam messages a day, one spam each 24 seconds! And this is just spam recognized by my spam filter, I guess 20-50 messages get through each day.
The IS MU mailserver could not cope with this volume of spam, and the CPU load has caused huge delays in message delivery. So, as a temporary measure, I have switched off some spam filtering features (causing a big uproar amongst users[1]), and I have started to reimplement the server part of the mailserver.
I have replaced Qmail with Postfix (expect more about life with Postfix in the next blogspot :-), added PostGrey, and rewrote the delivery mechanism so that entire our cluster is used for spam filtering (instead of the mailserver only). I have also added ClamAV antivirus scanner.
So, the current IS MU mailserver should be an order of magnitude faster than before, and it will be even more spam-resistant because of additional antispam measures such as greylisting. It took me about three weeks to redesign and reimplement it, but I think we are prepared for the next wave of spam.
Footnote [1]: Of course, when somebody complains "Fix your f*cking spam filter, I receive five spams a day!", I can always reply "Lucky you, I get 3500+ spams daily." :-)
11 replies for this story:
Anydot wrote: Congratz
That you choosed postfix
thingie wrote: Of course
Ready for the previous war...?
Honza Holčapek wrote: Poor you
3500+ spams a day is terrible number. Just a minor note: shouldn't you use "fix your f*ucking" instead of "fix your f*ucked"?
Milan Zamazal wrote:
Greylisting is a good antispam method as it puts the burden on spammers too. Just beware of relays sending mail to you -- greylisting them burdens just you and the relay instead of spammers (well, preferably motivating the relay admins to apply effective antispam means on their sites too). Non-filtering relays require special handling such as combining greylisting with other methods (for instance I'm going to apply razor on debian.org relays which are responsible for most of the spam passing through my primary shield).
Yenya wrote: Re: Of course
What war?
Yenya wrote: Re: Poor you
Thanks, fixed (my English is rather poor, I know :-).
Yenya wrote: Relays
Yes, I know - relays are Evil(tm) and should be avoided.
Honza Holčapek wrote: Re: Re: Poor you
Definitely not, you English is pretty good, and I mean it.
thingie wrote: Re: Re: Of course
Sort of a proverb. You are ready to block spam you've already got. But what about the spam that is going to come tommorow? Vven spammers have to hate spam, I think.
Adelton wrote: Greylisting stats?
Yenya, have you got some statistics of the percentage of emails caught by greylisting?
Yenya wrote: Re: Greylisting stats?
Sorry, I don't have any. I am looking for a statistics package for Postgrey, I don't have time to write it myself.