Koozali.org: home of the SME Server

Spam mail choking us to death

mindea

Spam mail choking us to death
« on: March 19, 2005, 08:00:21 PM »
We run our mail server on E-Smith 6.0. Though we employ an outside service to filter our mail for spam (they delete spam; they do not send it on to us), we still get mountains of junk mail. I suspect spammers are dropping the mail directly on our server. Over the course of a couple of months we have accumulated over 3 gigs of undeliverable mail. E-Smith gives me two options for handling undeliverable mail: return it or send it to the admin account. Well, I know trying to return it would be pointless because most of it has spoofed return addresses, so I have it delivered to a user account I created for the purpose called "yspam".

The problem now is that it's extremely hard to delete the mail. Trying to log in via webmail times out over and over -- it's just more than the system can handle. I've gone in on the command line to the yspam\Maildir\cur folder and deleted the entire contents (find . -name '1*' -print0 | xargs -0 rm) but then more mail floods in to fill it. (I guess cur only holds a limited number of messages??)

Could I delete the user, yspam? When I delete a user, does it dump all their pending mail files? Or can I run some kind of scheduled batch file to delete files on a regular basis?

Any help would be appreciated.

Mindea
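
An added example (not part of the original post or the replies): a small shell function for the scheduled cleanup asked about above, deleting messages older than a set number of days from a Maildir's new/ and cur/ folders. The Maildir path, the retention period and the cron schedule in the comments are assumptions to adjust for the actual server.

```shell
#!/bin/sh
# Added example, not from the thread: prune old messages from a Maildir.
# Usage (path is a placeholder): prune-maildir.sh /path/to/yspam/Maildir 7
# Hypothetical cron entry:       15 3 * * * /usr/local/sbin/prune-maildir.sh /path/to/yspam/Maildir 7

# prune_maildir MAILDIR DAYS
# Deletes regular files in MAILDIR/new and MAILDIR/cur last modified more
# than DAYS days ago and prints how many were removed.
prune_maildir() {
    maildir=$1
    days=$2

    # Accept only a non-negative integer for the retention period.
    case $days in
        ''|*[!0-9]*)
            echo "prune_maildir: bad day count: '$days'" >&2
            return 2 ;;
    esac

    # Refuse to delete anything unless the target has the Maildir layout,
    # so a mistyped path cannot wipe an unrelated directory.
    for sub in new cur tmp; do
        if [ ! -d "$maildir/$sub" ]; then
            echo "prune_maildir: $maildir is not a Maildir (no $sub/)" >&2
            return 2
        fi
    done

    # Count the matches, then delete them. -maxdepth 1 keeps find out of
    # any subfolders; tmp/ is left alone because deliveries in progress
    # are written there.
    count=$(find "$maildir/new" "$maildir/cur" -maxdepth 1 -type f \
                 -mtime +"$days" | wc -l)
    find "$maildir/new" "$maildir/cur" -maxdepth 1 -type f \
         -mtime +"$days" -exec rm -f {} +
    echo "$((count))"
}

# Run only when called with both arguments (e.g. from cron).
if [ "$#" -eq 2 ]; then
    prune_maildir "$1" "$2"
fi
```

Because it deletes by age rather than by filename pattern, the same job can run nightly and keep the folder small enough for webmail to open.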

egerards

Spam mail choking us to death
« Reply #1 on: March 19, 2005, 10:39:19 PM »
I suspect that the number of messages 'cur' can hold is not unlimited, but still rather large (at least several thousands).

If you simply want to delete every single mail that ends up at your 'yspam' account, you could install the 'user manager panel' contrib. For account 'yspam' you create a procmail rule which deletes every incoming mail. You can achieve this by creating a rule which performs an action (delete the mail) if the mail size is greater than 1 byte.

I was wondering: have you installed the SpamAssassin contrib as can be found on http://sme.swerts-knudsen.dk/ ? If combined with RBL lists, this contrib is a very powerful tool in the battle against spam. In addition perform the 'Delete double bounce' howto and the majority of spam should end up in 'null space'. :-)

Malakai

Spam mail choking us to death
« Reply #2 on: March 20, 2005, 05:14:48 AM »
I would be trying SpamAssassin and setting the (Automatic deletion of spam with score above 15:) option to YES.

Spam messages with a score above 15 - 0.05% false positives according to SpamAssassin.org? (SpamFilter will only autodelete if the users are located on the local server)

Also you could try setting the sensitivity higher, maybe.

hordeusr

Spam mail choking us to death
« Reply #3 on: March 20, 2005, 06:24:03 AM »
What outsourced company does your filtering? Most aren't very good that I've ever seen. Install ASSP, train it, and enjoy. I'm still surprised how well it works. It will also block executable attachments (and any other attachment you want to block). If your domain is routed through an external provider for scanning, then nobody is going to be able to send directly to your server via that domain.

Wooderson

Spam mail choking us to death
« Reply #4 on: March 20, 2005, 05:32:14 PM »
You could also add an SPF record to your DNS records. May help with spam that looks like it came from yourself or your own domain.

http://spf.pobox.com/

mindea

Spam mail choking us to death
« Reply #5 on: March 20, 2005, 05:52:59 PM »
Thanks all for your suggestions. I'll get the SPF record done right away.

We use a company called Mail-Filters for the filtering. They block over a thousand messages per hour, but they do not use DBL blocking, nor do they provide Reverse NDR. I know it would help if I could restrict all incoming SMTP traffic to only Mail-Filters' IP addresses, but I don't see how to do this with E-Smith and my (cheap) firewall does not offer that feature.

Sounds like ASSP and/or SpamAssassin is the ticket. What's the difference between ASSP and SpamAssassin? Should I install both?

And pursuant to my related question -- does removing a user using the Server-Manager delete all the user's pending and waiting email? I am eager to recover the disk space consumed.