Domain Manage

Dealing with incomming junk mail

Discussion in 'Website Design' started by mishmash, Aug 27, 2008.

Thread Status:
Not open for further replies.
  1. mishmash

    mishmash Active Member

    Jan 2005
    Likes Received:
    I have a domain which is receiving lots of junk mail; perhaps "backscatter" from some spamming. I thought I'd share my experience dealing with it.

    This was seriously hammering my server:
    top - 02:09:37 up 60 days, 10:11,  1 user,  load average: 22.36, 85.27, 83.81
    Tasks: 197 total,   2 running, 195 sleeping,   0 stopped,   0 zombie
    Cpu(s):  7.0% us,  1.3% sy,  0.0% ni,  0.0% id, 91.0% wa,  0.7% hi,  0.0% si
    Mem:    506736k total,   482052k used,    24684k free,     7100k buffers
    Swap:  1015800k total,   981944k used,    33856k free,    32044k cached
    One solution which helped was to change the default address from
    :blackhole to :fail

    This did massively reduce the server load. However it means I'm now backscattering junk myself from this domain.

    One question is - is there anyway I can get the effect of :blackhole with the server load of :fail

    I watched the junk via:
    tail -f /var/log/exim_mainlog

    Something else which might help others - my server was so overwhelmed I could not get to WHM/Cpanel

    so via ssh I ran:
    perl -pi -e "s/:blackhole:/:fail:/g;" /etc/valiases/

    then restarted

    This gave me most of my functionality back...

    Another question - why did it take some time for some domains to work? accessing sites via IPs worked straight away, but even though BIND was up and working again accessing by domain didn't - it took a few minutes - as if something was propagating? Perhaps some DNS cache somewhere on my ISP maybe???

    I then changed the MX record on the domain to (this hasn't had much effect) yet, the site runs a forum so I'll have to turn it back at somepoint but I thought this might help get rid of this evening's problem?

    Any comments / suggestions?
  2. Domain Forum

    Acorn Domains Elite Member

    Likes Received:
  3. monaghan United Kingdom

    monaghan Moderator Staff Member

    May 2007
    Likes Received:
    If this is your own box, try ASSP, this dropped my load significiantly on shared hosting boxes. There's a couple of threads over at the forums with further details and if you look at ASSPX it's a free implementation direct into cPanel.
  4. blacknight Ireland

    blacknight Active Member

    Apr 2007
    Likes Received:
    If you have root access to the server, which you seem to have, I'd recommend setting up exim to drop connections from any host that is listed in spamhaus. We're dropping several million emails a day using this and it makes life a lot easier :)
Thread Status:
Not open for further replies.

Share This Page