I don't want to spend more money on a server upgrade; I just want to stop or slow down the assaults. I have very effective robot banning on my website, but not very good email sender banning. I do run SpamAssassin; however, emails still get through just to be deleted on my PC.
So, I modified my sendmail CF (configuration) file as follows:
# maximum number of children we allow at one time
O MaxDaemonChildren=10
from 30
# load average at which we delay connections; 0 means no limit
O DelayLA=4
from 10
# load average at which we refuse connections
O RefuseLA=6
from 20
In summary, I changed my server to stop accepting email connections at a load average of 6 and to delay connections at 4. I reduced the connection to 10 and the children.
Seems to work at the moment - am I missing anything?
[edited by: Edge at 2:28 pm (utc) on Feb. 12, 2008]
Your main problem is using SpamAssassin after the emails have been loaded. This causes load on sendmail, and on SpamAssassin to scan every mail.
If you already have SpamAssassin configured to automatically block emails from IP addresses which are listed in one of the remote blocklists (Spamhaus, etc.), you might consider putting that IP check not after sendmail, but before. In this way the email is rejected as soon as the spammer connects to your server and it doesn't consume processing power from sendmail and SpamAssassin.
Maybe blocking based on remote block lists (RBL) is a feature in sendmail, but to be honest I don't know; I am a qmail user. With my qmail installation I had to use a small external utility called rblsmtpd which pretends to be the real SMTP server until it has checked if the IP address is from a spam source. If the IP address is accepted, the SMTP connection is transparently rerouted to my real qmail SMTP server, otherwise the connection is dropped with an error message.
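The connect-time blocklist check described in the reply above, sketched as an added example that is not part of the original thread and is not rblsmtpd or sendmail code. It builds the lookup name in the RFC 5782 layout (reversed address under the list's zone) and treats only a 127.0.0.0/8 answer as "listed"; the zone `dnsbl.example`, the function names and the stand-in resolver data are assumptions made for illustration.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNS name a blocklist lookup asks for."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # 192.0.2.99 -> 99.2.0.192.<zone>
        labels = reversed(str(addr).split("."))
    else:
        # IPv6: all 32 hex nibbles, reversed, one DNS label per nibble
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True only if the zone answers with a 127.0.0.0/8 address for this IP."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        # NXDOMAIN means "not listed"; other resolver failures also fail
        # open here so a blocklist outage does not bounce legitimate mail.
        return False
    # An answer outside 127/8 (for example a wildcard or hijacked zone)
    # is not a listing and must not cause a rejection.
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def smtp_connect_decision(ip, zones, resolve=socket.gethostbyname):
    """Decide at connect time, before any message data is accepted."""
    for zone in zones:
        if is_listed(ip, zone, resolve):
            return "554 rejected: %s is listed in %s" % (ip, zone)
    return "220 ready"


# Constructed stand-in for DNS so the example runs offline.
FAKE_ZONE = {
    "99.2.0.192.dnsbl.example": "127.0.0.2",    # constructed listed sender
    "10.2.0.192.dnsbl.example": "203.0.113.5",  # constructed wildcard answer
}


def fake_resolve(name):
    if name not in FAKE_ZONE:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return FAKE_ZONE[name]
```

Because the decision is made from the connecting IP alone, a listed sender costs one DNS query instead of a delivery child plus a SpamAssassin scan.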