Mail server load

Started by Nigel J. Andrews, over 22 years ago, 11 messages, general
#1 Nigel J. Andrews
nandrews@investsystems.co.uk

Marc, I'd be interested in seeing the updated stats for this bout of virus
transmission we're going through.

Yesterday you had almost 1 for 1 valid email. By then I think I was getting
about 3-4 per valid email but since then it's sky rocketed and it looks more
like 30+ per 1 valid message.

I'd just be interested if that's the same others are seeing since I believe the
virus picks up my email address from the messages sent to the lists.

--
Nigel Andrews

#2 Francois Suter
dba@paragraf.ch
In reply to: Nigel J. Andrews (#1)
Re: Mail server load

So far today:

neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
137 BAD
1732 BANNED
4435 INFECTED
6029 Passed,

And still some make it through given some of the messages that are
reaching the list today ("That movie" or "My details"). :-(

---------------
Francois

Home page: http://www.monpetitcoin.com/

"Would Descartes have programmed in Pascal?" - Umberto Eco

#3 The Hermit Hacker
scrappy@hub.org
In reply to: Francois Suter (#2)
Re: Mail server load

On Wed, 20 Aug 2003, Francois Suter wrote:

So far today:

neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
137 BAD
1732 BANNED
4435 INFECTED
6029 Passed,

And still some make it through given some of the messages that are
reaching the list today ("That movie" or "My details"). :-(

Actually, unless I'm mistaken, none have made it through ... at least all
the ones with subjects like "That movie" that I've opened (thank god for
Unix) didn't actually have anything attached, at least as far as those
coming from the list have been concerned ...

For instance, one to -hackers that I just received with a subject of
"Details" was 3.2k ... based on my personal mailbox, if the virus was
actually attached, it would have been >100k in size ...

#4 Paul Thomas
paul@tmsl.demon.co.uk
In reply to: Nigel J. Andrews (#1)
Re: Mail server load

On 20/08/2003 08:18 Nigel J. Andrews wrote:

Marc, I'd be interested in seeing the updated stats for this bout of virus
transmission we're going through.

Yesterday you had almost 1 for 1 valid email. By then I think I was getting
about 3-4 per valid email but since then it's sky rocketed and it looks more
like 30+ per 1 valid message.

I'd just be interested if that's the same others are seeing since I believe the
virus picks up my email address from the messages sent to the lists.

There's a few come thru the list to me and I had a few more yesterday as
part of the daily spam. Like most people from the non-M$ world, this sort
of thing just passes me by :)

-- 
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants         | http://www.thomas-micro-systems-ltd.co.uk   |
+------------------------------+---------------------------------------------+

#5 The Hermit Hacker
scrappy@hub.org
In reply to: Paul Thomas (#4)
Re: Mail server load

On Wed, 20 Aug 2003, Paul Thomas wrote:

There's a few come thru the list to me and I had a few more yesterday as
part of the daily spam. Like most people from the non-M$ world, this sort
of thing just passes me by :)

I'm looking into how to add a 'taboo subject' filter onto the mj2 lists
themselves ... right now, I have a personal filter on:

elsif anyof (header :contains ["Subject"] "Approved",
             header :contains ["Subject"] "Thank you!",
             header :contains ["Subject"] "That movie",
             header :contains ["Subject"] "Your details",
             header :contains ["Subject"] "Wicked screensaver") {
    fileinto "INBOX.garbage";
}

I can't think of anyone using anything but *maybe* the Approved one in
their Subject, so there shouldn't be too many false positives ...
hopefully hear something from the mj2 guys relatively soon ...

#6 Robert Treat
xzilla@users.sourceforge.net
In reply to: The Hermit Hacker (#5)
Re: Mail server load

On Wed, 2003-08-20 at 08:11, The Hermit Hacker wrote:

On Wed, 20 Aug 2003, Paul Thomas wrote:

There's a few come thru the list to me and I had a few more yesterday as
part of the daily spam. Like most people from the non-M$ world, this sort
of thing just passes me by :)

I'm looking into how to add a 'taboo subject' filter onto the mj2 lists
themselves ... right now, I have a personal filter on:

elsif anyof (header :contains ["Subject"] "Approved",
             header :contains ["Subject"] "Thank you!",
             header :contains ["Subject"] "That movie",
             header :contains ["Subject"] "Your details",
             header :contains ["Subject"] "Wicked screensaver") {
    fileinto "INBOX.garbage";
}

I can't think of anyone using anything but *maybe* the Approved one in
their Subject, so there shouldn't be too many false positives ...
hopefully hear something from the mj2 guys relatively soon ...

Little does Marc know that the guys from 20th Century Fox have just
scrapped their idea to do a "History of PostgreSQL" movie after repeated
attempts to contact anyone on the mailing lists never got through ;-)

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

#7 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Nigel J. Andrews (#1)
Re: Mail server load

"Nigel J. Andrews" <nandrews@investsystems.co.uk> writes:

Yesterday you had almost 1 for 1 valid email. By then I think I was getting
about 3-4 per valid email but since then it's sky rocketed and it looks more
like 30+ per 1 valid message.

FWIW, this is what I see in traffic to an address I've had to abandon
because of spam:

488 Aug 8
433 Aug 9
435 Aug 10
426 Aug 11
504 Aug 12
458 Aug 13
469 Aug 14
390 Aug 15
433 Aug 16
371 Aug 17
520 Aug 18
36473 Aug 19
35808 Aug 20

It's about 3pm local time here, so by midnight the stat for today will
probably be nearly double yesterday's total.

The spam traffic had been around 2K/day at the beginning of the year,
but tapered off to around 500 as you see above. This spike is ten times
the highest I've seen before. If I were actually downloading this crap,
and not rejecting it at the SMTP handshake, my DSL line would be
saturated :-(

regards, tom lane

#8 The Hermit Hacker
scrappy@hub.org
In reply to: Tom Lane (#7)
Re: Mail server load

16:00 ...

neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
285 BAD
1807 BANNED
12289 INFECTED
11731 Passed,
5 SA
1 turned

Here's a normal day:

neptune# cat /var/log/amavisd.o | grep "Aug 17" | awk '{print $7}' | sort | uniq -c
332 BAD
13 BANNED
938 INFECTED
3792 Passed,

On Wed, 20 Aug 2003, Tom Lane wrote:

"Nigel J. Andrews" <nandrews@investsystems.co.uk> writes:

Yesterday you had almost 1 for 1 valid email. By then I think I was getting
about 3-4 per valid email but since then it's sky rocketed and it looks more
like 30+ per 1 valid message.

FWIW, this is what I see in traffic to an address I've had to abandon
because of spam:

488 Aug 8
433 Aug 9
435 Aug 10
426 Aug 11
504 Aug 12
458 Aug 13
469 Aug 14
390 Aug 15
433 Aug 16
371 Aug 17
520 Aug 18
36473 Aug 19
35808 Aug 20

It's about 3pm local time here, so by midnight the stat for today will
probably be nearly double yesterday's total.

The spam traffic had been around 2K/day at the beginning of the year,
but tapered off to around 500 as you see above. This spike is ten times
the highest I've seen before. If I were actually downloading this crap,
and not rejecting it at the SMTP handshake, my DSL line would be
saturated :-(

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
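
An added example, not part of any post in this thread: the same field-7 tally broken out per day, keeping only the four verdicts so stray tokens such as "SA" or "turned" are not counted, plus a rejected-per-passed ratio to compare an outbreak day with a normal one. The log layout, host, ids and addresses in the sample are constructed, and the function names are hypothetical.

```shell
# Constructed sample lines in an assumed amavisd syslog layout where the
# verdict is whitespace field 7 (the field the one-liner above prints).
sample_log() {
cat <<'EOF'
Aug 17 09:00:01 neptune amavisd[411]: (00411-01) Passed, <a@example.org> -> <l@example.org>
Aug 17 09:02:10 neptune amavisd[411]: (00411-02) Passed, <b@example.org> -> <l@example.org>
Aug 17 09:05:44 neptune amavisd[411]: (00411-03) Passed, <c@example.org> -> <l@example.org>
Aug 17 09:07:30 neptune amavisd[411]: (00411-04) INFECTED (name), <d@example.org> -> <l@example.org>
Aug 20 16:00:01 neptune amavisd[502]: (00502-01) INFECTED (name), <e@example.org> -> <l@example.org>
Aug 20 16:00:02 neptune amavisd[502]: (00502-02) INFECTED (name), <f@example.org> -> <l@example.org>
Aug 20 16:00:03 neptune amavisd[502]: (00502-03) BANNED (name), <g@example.org> -> <l@example.org>
Aug 20 16:00:04 neptune amavisd[502]: (00502-04) Passed, <h@example.org> -> <l@example.org>
Aug 20 16:00:05 neptune amavisd[502]: (00502-05) Passed, <i@example.org> -> <l@example.org>
Aug 20 16:00:06 neptune amavisd[502]: (00502-06) SA check skipped (constructed non-verdict line)
EOF
}

# verdict_by_day: log on stdin -> "Mon DD VERDICT COUNT" lines, sorted.
# Strips the trailing comma from "Passed," and ignores any other token.
verdict_by_day() {
    awk '{
        v = $7; sub(/,$/, "", v)
        if (v == "Passed" || v == "INFECTED" || v == "BANNED" || v == "BAD")
            n[$1 " " $2 " " v]++
    }
    END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# rejected_per_passed MON DAY: rejected (INFECTED+BANNED+BAD) messages per
# Passed message for one day; prints "n/a" when nothing was passed that day.
rejected_per_passed() {
    verdict_by_day | awk -v mon="$1" -v day="$2" '
        $1 == mon && $2 == day { if ($3 == "Passed") ok += $4; else bad += $4 }
        END { if (ok > 0) printf "%.2f\n", bad / ok; else print "n/a" }'
}

# Stand-alone run: per-day tally, then the normal day next to the outbreak day.
sample_log | verdict_by_day
echo "Aug 17: $(sample_log | rejected_per_passed Aug 17) rejected per passed"
echo "Aug 20: $(sample_log | rejected_per_passed Aug 20) rejected per passed"
```
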

#9 Dennis Gearon
gearond@cvc.net
In reply to: The Hermit Hacker (#8)
Re: Mail server load

holy S**T!!

#10 Nigel J. Andrews
nandrews@investsystems.co.uk
In reply to: Dennis Gearon (#9)
Re: Mail server load

On Wed, 20 Aug 2003, Dennis Gearon wrote:

holy S**T!!

Particularly the 'Passed' number. Now I'm not subscribed to all of the lists
but I am on -general, -hackers and a couple of others like -interfaces and yet
I would say that the volume of email I'm seeing from the lists is far lower
than normal _not_ more by a factor of 3-ish.

BTW, I wasn't suggesting the virus emails I get come through the lists, was
just referring to the harvesting of my email address by the virus.

[Tom's numbers are absolutely amazing. I seem to be up to around 60 per minute
now]

#11 The Hermit Hacker
scrappy@hub.org
In reply to: Nigel J. Andrews (#10)
Re: Mail server load

On Wed, 20 Aug 2003, Nigel J. Andrews wrote:

On Wed, 20 Aug 2003, Dennis Gearon wrote:

holy S**T!!

Particularly the 'Passed' number. Now I'm not subscribed to all of the lists
but I am on -general, -hackers and a couple of others like -interfaces and yet
I would say that the volume of email I'm seeing from the lists is far lower
than normal _not_ more by a factor of 3-ish.

The # Passed is what amavisd passed through to majordomo2 ... majordomo2
then takes everything that amavisd marked as being spam and trashes those
... and then everything that is from ppl not subscribed to the lists has
to get approved by 'the moderator', which I'm currently going through ...
only 400 more to go, 399 of which are most likely stuff amavisd didn't
catch as spam *sigh*

Oh ... also consider that a *very* large portion of the messages that
Passed are also postmaster messages for messages bounced ... I have a
filter on my mail for that to put it into its own mailbox ... since Aug
18th, there have been 12622 messages delivered to that mailbox ... and
there is also all the subscribe/unsubscribe requests ... all of which
would have been Passed through amavisd ...

Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org