[nSLUG] smtp relay through eastlink and ESET Nod32 tagline = disappearing email

D G Teed donald.teed at gmail.com
Fri Oct 30 22:21:26 ADT 2009


On Fri, Oct 30, 2009 at 1:14 PM, George N. White III <gnwiii at gmail.com> wrote:

>
> At times, I have had 1000's of virus-related mails an hour on my
> chebucto address.  Many of those were bounces.  In such cases trounce
> is the only option.


Usually this means your address was used as the from address in
a spam batch, or something equivalent happened with a backscatter
incident.  They usually happen once and then everything is quiet.

At work we've been using VBOUNCE for spam tagging things
that look like backscatter.  There is one bug in VBOUNCE if using
SA less than 3.3 causing false positives from some auto-generating
mail sources.


>  The real issue is that a big mail server requires 7/24
> attention to adjust to circumstances.  If you use blacklists you need ways
> to check that they are being maintained in a sensible fashion.


Trend Micro's paid service and Spamhaus are all that I trust.  We quickly
learn of false positives and both of these have been very high quality.


>  Do you keep
> stats on the numbers of bounced/trounced emails per hour?  I suppose it
> would be good to break down the stats into groupings, e.g., a few server
> addresses that are responsible for a bulk of the mails plus "the others".
>

We rarely get into blacklisting anything manually.  We keep stats on a daily
basis and also graph queue size in cacti with 5 minute intervals.
That is on the work side.  At home, the volume is ultra low.

--Donald