New domain, endless spam. Old catch all?

I recently registered and began hosting a new domain under my Linode account. As soon as everything had been set up, I began receiving an endless stream of spam to a few mailboxes under it (about 1 or 2 messages per second). 99% of these are directed at a single user (in the form of domain@domain.com) with the remainder going to about 6 or 7 other mailboxes.

I have faith in my mail server configuration. A majority are receiving 504 and 554 responses. These mailboxes don't exist on my end, the spammers aren't using FQDNs, and a majority are hitting my RBLs. Those that aren't receiving errors are bouncing against my greylist. I'm not a relay, and have been successfully using this server for about a year. Unfortunately, I'm not a professional sys admin, and don't have much experience in stopping these sorts of things properly. I added a few senders to my shorewall blacklist, but these messages are pouring in from thousands of IPs all over the world, so that's kind of fruitless.

I have a feeling I picked up a domain with an old catch-all address that ended up absorbing a ton of crud over the years. Is there any way to effectively stop these bots from even attempting to hit these mailboxes / my server, or is this something I'll inherit forever? It's not causing me performance or stability issues, but I'd enjoy it if my logs weren't growing and filling with all this junk. Thanks in advance for your suggestions.

10 Replies

You can get a sort of front end service to block the spam if you don't want to configure your own anti-spam techniques.

Like this one:

http://mailroute.info

Wish there was an in-house way to resolve this, but it sounds like the only solution is a mediation server. Mail route looks interesting, will read into it more. Thanks for the info.

If you want to receive mail for that domain, you'll have to receive mail for that domain. No way around it, really. Best bet is to ignore it and let logrotate take care of the logs. You can throw money at the problem and let someone else's logs fill up, but I'd rather spend the money on little chocolate donuts. They're proven to work.

@hoopycat:

If you want to receive mail for that domain, you'll have to receive mail for that domain. No way around it, really. Best bet is to ignore it and let logrotate take care of the logs. You can throw money at the problem and let someone else's logs fill up, but I'd rather spend the money on little chocolate donuts. They're proven to work.


@nomad89:

Wish there was an in-house way to resolve this, but it sounds like the only solution is a mediation server. Mail route looks interesting, will read into it more. Thanks for the info.

There is an in-house way:

http://library.linode.com/email/postfix/

http://flurdy.com/docs/postfix/ (random google search result for 'ubuntu postfix spamassassin')

SpamAssassin, ClamAV, amavisd, etc. are commonly used software, though these take some skill and time to set up and get going.

But if you don't want to do that, those other services where you simply adjust your mx record will take care of the spam filtering for you.

Cheers,

Receiving spam attempts is part of having a mail server connected to the Internet. If it really bothers you, then you could set up fail2ban or denyhosts to trigger on attempts to send mail to nonexistent users and block future connections from the responsible hosts (for some period of time). If you want to be especially retaliatory, you could configure fail2ban to set up a TARPIT rule for such hosts.
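As an added illustration of the fail2ban-style approach in the reply above (this is example code, not from any poster in the thread): it parses Postfix smtpd rejection lines, ignores 4xx greylist defers, and reports client IPs that hit a maxretry count inside a findtime window, the same semantics fail2ban applies before banning. The log lines, IPs, hostnames and thresholds are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Postfix smtpd "NOQUEUE: reject:" lines carry the client IP and the SMTP code
# (the 504/554 responses mentioned in the thread). Sample lines are constructed.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) "
)

SAMPLE_LOG = """\
Mar  3 12:00:00 mail postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<a@spam.invalid> to=<example.com@example.com>
Mar  3 12:00:01 mail postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 5.5.2 <spam>: Helo command rejected: need fully-qualified hostname; from=<b@spam.invalid> to=<example.com@example.com>
Mar  3 12:00:02 mail postfix/smtpd[2202]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<c@spam.invalid> to=<nobody@example.com>
Mar  3 12:00:03 mail postfix/smtpd[2203]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 550 5.1.1 <old@example.com>: Recipient address rejected: User unknown in local recipient table; from=<d@spam.invalid> to=<old@example.com>
Mar  3 12:00:04 mail postfix/smtpd[2204]: NOQUEUE: reject: RCPT from mx.partner.example[192.0.2.77]: 450 4.2.0 <me@example.com>: Recipient address rejected: Greylisted; from=<f@partner.example> to=<me@example.com>
Mar  3 12:00:05 mail postfix/smtpd[2205]: 1A2B3C4D5E: client=mx.partner.example[192.0.2.10]
Mar  3 12:20:00 mail postfix/smtpd[2206]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<e@spam.invalid> to=<example.com@example.com>
"""


def parse_rejects(log_text, year=2024):
    """Yield (timestamp, client_ip, smtp_code) for every smtpd rejection line."""
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue  # accepted mail and non-smtpd lines are not rejections
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], int(m["code"])


def offending_hosts(log_text, maxretry=3, findtime=600):
    """Return {ip: first_ban_time} for clients with >= maxretry permanent (5xx)
    rejections inside any findtime-second window, like fail2ban's maxretry/findtime."""
    recent = defaultdict(deque)  # per-IP sliding window of rejection timestamps
    banned = {}
    for ts, ip, code in parse_rejects(log_text):
        if code < 500:
            continue  # 4xx (greylisting) is a temporary defer, not a failure
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop rejections older than findtime
        if len(window) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in offending_hosts(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} ban candidate: {ip}")
```

A real fail2ban jail would apply this to /var/log/mail.log and hand the IP to a firewall action; here the thresholds are deliberately low so the constructed sample trips them.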

If you are using RBLs like spamhaus.org, pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

@neo:

If you are using RBLs like spamhaus.org, pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

You have to exceed 100,000 SMTP connections/day and/or 300,000 queries/day before you outgrow their free service.

@vonskippy:

@neo:

If you are using RBLs like spamhaus.org, pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

You have to exceed 100,000 SMTP connections/day and/or 300,000 queries/day before you outgrow their free service.

It is a little ironic that 'all' a spammer has to do to circumvent a free service is to send even more spam. Although I guess that's more of an attack than spam.

@vonskippy:

@neo:

If you are using RBLs like spamhaus.org, pretty soon they will ask you to pay to continue to use their services because of the volume of checks you perform.

You have to exceed 100,000 SMTP connections/day and/or 300,000 queries/day before you outgrow their free service.

OP said he receives "about 1 or 2 messages per second".
