I have a domain which is receiving lots of junk mail; perhaps "backscatter" from some spamming. I thought I'd share my experience dealing with it.
This was seriously hammering my server:
Code:
top - 02:09:37 up 60 days, 10:11, 1 user, load average: 22.36, 85.27, 83.81
Tasks: 197 total, 2 running, 195 sleeping, 0 stopped, 0 zombie
Cpu(s): 7.0% us, 1.3% sy, 0.0% ni, 0.0% id, 91.0% wa, 0.7% hi, 0.0% si
Mem: 506736k total, 482052k used, 24684k free, 7100k buffers
Swap: 1015800k total, 981944k used, 33856k free, 32044k cached
One solution which helped was to change the default address from :blackhole to :fail.
This did massively reduce the server load. However, it means I'm now backscattering junk myself from this domain.
One question is: is there any way I can get the effect of :blackhole with the server load of :fail?
I watched the junk via:
tail -f /var/log/exim_mainlog
Something else which might help others: my server was so overwhelmed I could not get to WHM/cPanel, so via ssh I ran:
perl -pi -e "s/:blackhole:/:fail:/g;" /etc/valiases/thedomainname.co.uk
then restarted
This gave me most of my functionality back...
Another question: why did it take some time for some domains to work? Accessing sites via IPs worked straight away, but even though BIND was up and working again, accessing by domain didn't. It took a few minutes, as if something was propagating. Perhaps some DNS cache somewhere on my ISP, maybe???
I then changed the MX record on the domain to mail.example.com (this hasn't had much effect yet). The site runs a forum, so I'll have to turn it back at some point, but I thought this might help get rid of this evening's problem?
Any comments / suggestions?
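An added example, not part of the original post: a shell function that summarises the recipient rejections seen in the Exim main log for one domain, counting how many arrived with a null envelope sender (`F=<>`, which is how bounces are sent, so a high share points to backscatter) and which hosts send the most. The `rejected RCPT` line layout is assumed to be Exim's usual one, and the sample lines, hosts and addresses are constructed.

```shell
#!/bin/sh
# Summarise SMTP-time recipient rejections for one domain from an Exim main log.
# Usage: summarize_rejects LOGFILE DOMAIN
summarize_rejects() {
    awk -v dom="$2" '
    / rejected RCPT / {
        sender = ""; rcpt = ""; ip = "unknown"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^F=</) sender = substr($i, 3)            # envelope sender
            else if ($i ~ /^\[[0-9a-fA-F.:]+\]$/)               # [remote IP]
                ip = substr($i, 2, length($i) - 2)
            else if ($i == "RCPT") rcpt = $(i + 1)              # <rcpt@domain>:
        }
        sub(/^</, "", rcpt); sub(/>:?$/, "", rcpt)
        # Keep only recipients in the domain under investigation.
        n = length(rcpt) - length(dom)
        if (n < 1 || tolower(substr(rcpt, n)) != "@" tolower(dom)) next
        total++
        if (sender == "<>") null_sender++                       # bounce message
        per_ip[ip]++
    }
    END {
        # Top five sending hosts first, then the totals.
        cmd = "sort -k3,3nr -k2,2 | head -n 5"
        for (a in per_ip) print "ip", a, per_ip[a] | cmd
        close(cmd)
        print "total", total + 0
        print "null_sender", null_sender + 0
    }' "$1"
}

# Constructed sample lines in Exim main-log format (not taken from the post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
2009-01-10 02:09:41 H=mx1.example.net [192.0.2.10] F=<> rejected RCPT <qzx1@thedomainname.co.uk>: No Such User Here
2009-01-10 02:09:42 H=mx1.example.net [192.0.2.10] F=<> rejected RCPT <bob77@thedomainname.co.uk>: No Such User Here
2009-01-10 02:09:42 H=(relay) [198.51.100.7] F=<a@example.org> rejected RCPT <sales@thedomainname.co.uk>: No Such User Here
2009-01-10 02:09:43 H=mx2.example.net [192.0.2.11] F=<> rejected RCPT <qzx9@thedomainname.co.uk>: No Such User Here
2009-01-10 02:09:44 H=mx2.example.net [192.0.2.11] F=<> rejected RCPT <x@other.example>: No Such User Here
2009-01-10 02:09:45 1LLabc-0001Xy-AB <= a@example.org H=(relay) [198.51.100.7] P=esmtp S=1234
EOF
summarize_rejects "$sample" thedomainname.co.uk
```

On a live server, pass `/var/log/exim_mainlog` as the first argument instead of the sample file.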