Postfix + Amavisd + Mailbomb = :(

All,

I run a 420R 2x400mhz 4GB ram with following on it:
Solaris 8
Postfix 2.1.5
Amavisd 2.2.1
SpamAssassin 3.0.2
Perl 5.8.5
ClamAv .83

Here's the problem.. some spammers have sent out millions of emails
with my domain as the reply-to. The majority of the email address are
not found in the virtual maps. so I have it forwarded to a local
account which in aliases is dumped to /dev/null

This seemed to work for a while, but now that I've installed amavisd
it seems these mails that are destined for /dev/null are getting tossed
through the content filter causing the box to slow to a crawl. Right
now I have 250k in my incoming queue.

I need to find a way to dump the invalid emails immediately and only
send valid emails through the content filter.

Any help would be greatly appreciated.

Below I have attached what I think are relevant config settings for
postfix:

Thanks

Chris

main.cf:

in_flow_delay = 1

virtual_maps = dbm://opt/postfix/etc/vdomains/domain.com
content_filter = smtp-amavis:[localhost]:10024
local_destination_concurrency_limit = 99
default_destination_concurrency_limit = 40
### Performance tuning.
smtpd_timeout = 20s
smtp_skip_4xx_greeting = yes
smtp_skip_5xx_greeting = yes
smtpd_noop_commands = EHLO
## Queue performance tuning.
## How many can be in active message queue
qmgr_message_active_limit = 25000
## how many in core message recipient structures
qmgr_message_recipient_limit = 100000
qmgr_site_hog_factor = 100
## How long inbetween scans for delayed messages
queue_run_delay = 1000
## How long before queue bounces
maximal_queue_lifetime = 72h
## Minimal amount of time a message won't be looked at after failure to
deliver
minimal_backoff_time = 10000
## Maximal time message won't be looked at after failure
maximal_backoff_time = 40000
default_process_limit = 1024
smtp_destination_concurrency_limit = 40
initial_destination_concurrency=20
trigger_timeout = 1
delay_warning_time = 2
hash_queue_depth = 2
hash_queue_names = defer,deferred,incoming,active
smtp_connect_timeout = 2



master.cf
smtp inet n - n - 1024 smtpd
smtp-amavis unix - - n - 20 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_ unknown_recipient_checks

chris@futuredead.com schrieb:

> Here's the problem.. some spammers have sent out millions of emails
> with my domain as the reply-to. The majority of the email address are
> not found in the virtual maps. so I have it forwarded to a local
> account which in aliases is dumped to /dev/null

How about rejecting mails to users which not exist on your server or
which your server is not responsible for directly in the smtp dialogue?
-> check_recipient_maps
-> local_recipient_maps
-> relay_recipient_maps
-> http://www.postfix.org/uce.html

This is done way before passing an email to amavis.

Cheers,
Jan