I've gone brain dead (again:))

[Rebel007]

I seem to remember reading somewhere that if we ask JPC support they will do a security check and server hardening included in our VPS plans once a year or so, is that correct or have I got confused?

The reason I ask is I don't think I have any problems, and I did go through the security settings ages ago, but over time I have had apache corrupted and other problems that have been rectified by support, but may have affected my server security and it would be nice to have it checked by someone that KNOWS what they are doing (unlike me).

I also seem to be getting a number of spam emails supposedly coming from my own server, I know they are not, and they are caught (most of the time) by my mailwasher program but wondered if anyone else had noticed a similar increase in spam recently?

Also my server seems to be running great most of the time, but every now an then it slows to a crawl, and is unusable, I have checked my logs and cannot see anything obvious, so is anyone else having similar issues, I don't want to bug support if its something I am doing, but I dont believe it is tbh.

TIA guys

[homoludens]

I have been having the same issue on draco with occasional slow downs, due to (or at least in correlation with) excessive CPU load. Tech support have advised me that they are monitoring the hardware node, although to no avail so far.

[thisisit3]

I also seem to be getting a number of spam emails supposedly coming from my own server, I know they are not, and they are caught (most of the time) by my mailwasher program but wondered if anyone else had noticed a similar increase in spam recently?

You can stop or minimize that by using SPF records in your domains (DNS 'TXT' record) and by making your spam tool use SPF records on incoming emails.

Thus, fake emails that pretend to come from your domains will fail.

[jason]

...but wondered if anyone else had noticed a similar increase in spam recently?

Yes, I have. I think it stems from that fact that, traditionally, organizations haven't filtered mail coming from within their own domains--a matter of trust that of their own users. Spammers seem to be capitalizing on that these days.

We've had a similar issue on campus lately. In the past we never filtered mail coming from within our IP block, but with the prevalence of botnets and students that don't keep their personal networks up to date it was discovered that a lot of spam coming into campus was originating on our campus!

If anyone is interested, our "email guy" released some stats about our spam content last week. He says that we receive almost 1.5 million spam messages per day from our external mail gateway and more than 95% of the mail coming on to the campus these days is spam. We have about 15,000 students and 3,500 faculty and staff--or roughly 18,500 mail accounts.

--Jason

[Rebel007]

Yes, I have. I think it stems from that fact that, traditionally, organizations haven't filtered mail coming from within their own domains--a matter of trust that of their own users. Spammers seem to be capitalizing on that these days.

We've had a similar issue on campus lately. In the past we never filtered mail coming from within our IP block, but with the prevalence of botnets and students that don't keep their personal networks up to date it was discovered that a lot of spam coming into campus was originating on our campus!

If anyone is interested, our "email guy" released some stats about our spam content last week. He says that we receive almost 1.5 million spam messages per day from our external mail gateway and more than 95% of the mail coming on to the campus these days is spam. We have about 15,000 students and 3,500 faculty and staff--or roughly 18,500 mail accounts.

--Jason

Thanks Jason, that confirms what I suspected but until you posted I had no facts to base my assumption on, however what you have said makes perfect sense.

[Vin DSL]

I also seem to be getting a number of spam emails supposedly coming from my own server, I know they are not, and they are caught (most of the time) by my mailwasher program but wondered if anyone else had noticed a similar increase in spam recently?

You can stop or minimize that by using SPF records in your domains...

Thus, fake emails that pretend to come from your domains will fail.

We've had a similar issue on campus lately. In the past we never filtered mail coming from within our IP block, but...

Yep!

Spoofed addies (from your own domain) have become a nuisance lately!

Welcome to the club!

The answer, for me, was simple!

I assume you have disabled the 'catchall' feature and are 'failing' them. If not, this is the first thing you should do.

Secondly, I only have, like, 10 mail accounts on my domain, so I've white-listed them SPECIFICALLY. Before, I was being lazy and stupid, and white-listed anything (theoretically) coming from my domain (big mistake). I would *imagine* most ppl have done this, and the spammers have discovered this hole!

That takes care of most of the spoofed 'from [myself]' spam - except the few SPECIFICALLY white-listed addies mentioned. So, I'm still occasionally getting spam from 'myself'...

The 'problem' with white-listing addies is it actually scores them '-100', so I still need to re-weight this score to '-25' or something more realistic, you know?

[Vin DSL]

LoL!

Did that make sense to anyone but me?

[Gwaihir]

Yes, it makes sense. But if you're putting that much effort in, I'd use SPF as the basis, like Thisisit3 suggests. Once you put a valid SPF record in place (as I think you already did), you know with 100% certainty that any mail claiming to be from your domain but not matching the SPF is fake.