Byteplant Forum

Home » CleanMail Support » CleanMail Server Talk » Harvester attack - lost mail?
Harvester attack - lost mail? [message #901] Thu, 11 November 2004 16:00
Mark Haller
Messages: 27
Registered: August 2004
Junior Member

Hi there,

I am unsure how NST works when there are 10 ports, for instance, maximum to listen and send SMTP traffic, and there are other mails waiting to come in?

We have had a lot of SPAM and Harvester attacks over the last few weeks and a lot of mails we send or are supposed to receive are just not coming in.

Is it possible that the NST proxy can be overwhelmed and just REJECT the mails coming in or going out?

This never used to happen when we didn't use NST - mails just were not lost. You could go and see them queuing up on the server and you just had to wait.

Many thanks in advance

Mark Haller
UK
Re: Harvester attack - lost mail? [message #902 is a reply to message #901] Thu, 11 November 2004 17:49 Go to previous message
support
Messages: 918
Registered: April 2004
Senior Member
> I am unsure how NST works when there are 10 ports, for
> instance, maximum to listen and send SMTP traffic, and there
> are other mails waiting to come in?

The sending MTA retries to re-send the message for some time, until it gets through. If it doesn't get through after a configurable timeout (about 48hours), the sending MTA creates a mail delivery failure report and returns it to the sender.

Unfortunately few people nowadays read mail delivery failure reports, as most of them are faked and infected with viruses.

> We have had a lot of SPAM and Harvester attacks over the last
> few weeks and a lot of mails we send or are supposed to receive
> are just not coming in.

Try not to send outgoing mails over NoSpamToday!, this increases the load unnecessarily. Bypass NoSpamToday!, and use your mail server directly.

We just released version 2.0.1.2 (see the upcoming announcement). We tweaked some resource management parameters. These tweaks should help performance under heavy load.

Also, check the log for irregularities, and add the directory harvesters onto the Helo Reject List / Host Reject List of the traffic limiting options.

> Is it possible that the NST proxy can be overwhelmed and just
> REJECT the mails coming in or going out?

No. It may not accept connections, which is interpreted by senders as a temporary failure, and the sender will retry later (see above).

> This never used to happen when we didn't use NST - mails just
> were not lost. You could go and see them queuing up on the
> server and you just had to wait.

I guess you are talking about outgoing mail. We experience the same, and we send outgoing mail directly. Sometimes mail is bounced, and if it isn't, sometimes customers still complain about never getting mails. Internet mail is getting more and more unreliable, thanks to spammers' and virus authors' work.



Customer Support
Byteplant GmbH
Previous Topic: lock failed ?
Next Topic: Accept & Redirect?
Goto Forum:
  


Current Time: Sun Sep 25 12:34:25 CEST 2016