Marc, I'd be interested in seeing the updated stats for this bout of virus
transmission we're going through.
Yesterday you had almost 1 for 1 valid email. By then I think I was getting
about 3-4 per valid email but since then it's sky rocketed and it looks more
like 30+ per 1 valid message.
I'd just be interested if that's the same others are seeing since I believe the
virus picks up my email address from the messages sent to the lists.
--
Nigel Andrews
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
So far today:
neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
137 BAD
1732 BANNED
4435 INFECTED
6029 Passed,
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: sc*****@hub.org secondary: scrappy@{freebsd|postgresql}.org
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
> So far today:
> neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
> 137 BAD
> 1732 BANNED
> 4435 INFECTED
> 6029 Passed,
And still some make it through given some of the messages that are
reaching the list today ("That movie" or "My details"). :-(
---------------
Francois
Home page: http://www.monpetitcoin.com/
"Would Descartes have programmed in Pascal?" - Umberto Eco
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postgresql.org
On Wed, 20 Aug 2003, Francois Suter wrote:
> > So far today:
> > neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
> > 137 BAD
> > 1732 BANNED
> > 4435 INFECTED
> > 6029 Passed,
> And still some make it through given some of the messages that are
> reaching the list today ("That movie" or "My details"). :-(
Actually, unless I'm mistaken, none have made it through ... at least all
the ones with subjects like "That movie" that I've opened (thank god for
Unix) didn't actually have anything attached, at least as far as those
coming from the list have been concerned ...
For instance, one to -hackers that I just received with a subject of
"Details" was 3.2k ... based on my personal mailbox, if the virus was
actually attached, it would have been >100k in size ...
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postgresql.org
On 20/08/2003 08:18 Nigel J. Andrews wrote:
> Marc, I'd be interested in seeing the updated stats for this bout of virus
> transmission we're going through.
> Yesterday you had almost 1 for 1 valid email. By then I think I was getting
> about 3-4 per valid email but since then it's sky rocketed and it looks more
> like 30+ per 1 valid message.
> I'd just be interested if that's the same others are seeing since I believe the
> virus picks up my email address from the messages sent to the lists.
There's a few come thru the list to me and I had a few more yesterday as
part of the daily spam. Like most people from the non-M$ world, this sort
of thing just passes me by :)
--
Paul Thomas
+------------------------------+---------------------------------------------+
| Thomas Micro Systems Limited | Software Solutions for the Smaller Business |
| Computer Consultants | http://www.thomas-micro-systems-ltd.co.uk |
+------------------------------+---------------------------------------------+
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
On Wed, 20 Aug 2003, Paul Thomas wrote:
> There's a few come thru the list to me and I had a few more yesterday as
> part of the daily spam. Like most people from the non-M$ world, this sort
> of thing just passes me by :)
I'm looking into how to add a 'taboo subject' filter onto the mj2 lists
themselves ... right now, I have a personal filter on:
    # Fragment of a larger Sieve script; fileinto needs
    # require "fileinto"; at the top of that script.
    elsif anyof (header :contains ["Subject"] "Approved",
                 header :contains ["Subject"] "Thank you!",
                 header :contains ["Subject"] "That movie",
                 header :contains ["Subject"] "Your details",
                 header :contains ["Subject"] "Wicked screensaver") {
        fileinto "INBOX.garbage";
    }
I can't think of anyone using anything but *maybe* the Approved one in
their Subject, so there shouldn't be too many false positives ...
hopefully hear something from the mj2 guys relatively soon ...
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
On Wed, 2003-08-20 at 08:11, The Hermit Hacker wrote:
> On Wed, 20 Aug 2003, Paul Thomas wrote:
> > There's a few come thru the list to me and I had a few more yesterday as
> > part of the daily spam. Like most people from the non-M$ world, this sort
> > of thing just passes me by :)
> I'm looking into how to add a 'taboo subject' filter onto the mj2 lists
> themselves ... right now, I have a personal filter on:
> elsif anyof (header :contains ["Subject"] "Approved",
> header :contains ["Subject"] "Thank you!",
> header :contains ["Subject"] "That movie",
> header :contains ["Subject"] "Your details",
> header :contains ["Subject"] "Wicked screensaver") {
> fileinto "INBOX.garbage";
> }
> I can't think of anyone using anything but *maybe* the Approved one in
> their Subject, so there shouldn't be too many false positives ...
> hopefully hear something from the mj2 guys relatively soon ...
Little does Marc know that the guys from 20th Century Fox have just
scrapped their idea to do a "History of PostgreSQL" movie after repeated
attempts to contact anyone on the mailing lists never got through ;-)
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
"Nigel J. Andrews" <na******@investsystems.co.uk> writes:
> Yesterday you had almost 1 for 1 valid email. By then I think I was getting
> about 3-4 per valid email but since then it's sky rocketed and it looks more
> like 30+ per 1 valid message.
FWIW, this is what I see in traffic to an address I've had to abandon
because of spam:
488 Aug 8
433 Aug 9
435 Aug 10
426 Aug 11
504 Aug 12
458 Aug 13
469 Aug 14
390 Aug 15
433 Aug 16
371 Aug 17
520 Aug 18
36473 Aug 19
35808 Aug 20
It's about 3pm local time here, so by midnight the stat for today will
probably be nearly double yesterday's total.
The spam traffic had been around 2K/day at the beginning of the year,
but tapered off to around 500 as you see above. This spike is ten times
the highest I've seen before. If I were actually downloading this crap,
and not rejecting it at the SMTP handshake, my DSL line would be
saturated :-(
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives? http://archives.postgresql.org
16:00 ...
neptune# awk '{print $7}' /var/log/amavisd | sort | uniq -c
285 BAD
1807 BANNED
12289 INFECTED
11731 Passed,
5 SA
1 turned
Here's a normal day:
neptune# cat /var/log/amavisd.o | grep "Aug 17" | awk '{print $7}' | sort | uniq -c
332 BAD
13 BANNED
938 INFECTED
3792 Passed,
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: sc*****@hub.org secondary: scrappy@{freebsd|postgresql}.org
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
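Added example, not part of the original thread or any poster's code: the per-verdict tally from the two awk pipelines above, done per day in a single pass and reduced to a blocked-per-Passed ratio. The log lines are constructed, the syslog-style layout with the verdict in field 7 is an assumption taken from the $7 in those commands, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines (not real log data). Assumed layout: syslog prefix,
# message id, then the verdict as whitespace field 7, matching awk '{print $7}'.
sample_log() {
cat <<'EOF'
Aug 17 09:00:01 neptune amavisd[411]: (00411-01) Passed, <a@example.org> -> <list@example.org>
Aug 17 09:02:10 neptune amavisd[411]: (00411-02) Passed, <b@example.org> -> <list@example.org>
Aug 17 09:05:44 neptune amavisd[412]: (00412-01) INFECTED (constructed), <c@example.org> -> <list@example.org>
Aug 17 09:09:03 neptune amavisd[412]: (00412-02) Passed, <d@example.org> -> <list@example.org>
Aug 20 16:00:01 neptune amavisd[901]: (00901-01) INFECTED (constructed), <e@example.org> -> <list@example.org>
Aug 20 16:00:02 neptune amavisd[901]: (00901-02) INFECTED (constructed), <f@example.org> -> <list@example.org>
Aug 20 16:00:03 neptune amavisd[902]: (00902-01) BANNED (constructed), <g@example.org> -> <list@example.org>
Aug 20 16:00:04 neptune amavisd[902]: (00902-02) Passed, <h@example.org> -> <list@example.org>
Aug 20 16:00:05 neptune amavisd[903]: (00903-01) INFECTED (constructed), <i@example.org> -> <list@example.org>
Aug 20 16:00:06 neptune amavisd[903]: (00903-02) note: constructed non-verdict line
EOF
}

# Per-day tally of the four verdicts shown in the thread's output. The comma
# after "Passed," is stripped; any other field-7 value is skipped.
verdicts_by_day() {
  awk '{ v = $7; sub(/,$/, "", v) }
       v ~ /^(BAD|BANNED|INFECTED|Passed)$/ { n[$1 " " $2 " " v]++ }
       END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

# BANNED + INFECTED per Passed message for each day; prints "no-passed"
# instead of dividing by zero when a day has no Passed lines.
blocked_per_passed() {
  verdicts_by_day | LC_ALL=C awk '
    { d = $1 " " $2; seen[d] = 1 }
    $3 == "Passed" { p[d] = $4 }
    $3 == "BANNED" || $3 == "INFECTED" { b[d] += $4 }
    END { for (d in seen)
            if (p[d] > 0) printf "%s %.2f\n", d, b[d] / p[d]
            else          printf "%s no-passed\n", d }' | LC_ALL=C sort
}

sample_log | verdicts_by_day
sample_log | blocked_per_passed
```

Against a real log, feed the file on stdin in place of sample_log, after checking that the verdict really is field 7 in that installation's log format.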
holy S**T!!
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives? http://archives.postgresql.org
On Wed, 20 Aug 2003, Dennis Gearon wrote:
> holy S**T!!
Particularly the 'Passed' number. Now I'm not subscribed to all of the lists
but I am on -general, -hackers and a couple of others like -interfaces and yet
I would say that the volume of email I'm seeing from the lists is far lower
than normal _not_ more by a factor of 3-ish.
BTW, I wasn't suggesting the virus emails I get come through the lists, was
just referring to the harvesting of my email address by the virus.
[Tom's numbers are absolutely amazing. I seem to be up to around 60 per minute
now]
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ma*******@postgresql.org)
On Wed, 20 Aug 2003, Nigel J. Andrews wrote:
> On Wed, 20 Aug 2003, Dennis Gearon wrote:
> > holy S**T!!
> Particularly the 'Passed' number. Now I'm not subscribed to all of the lists
> but I am on -general, -hackers and a couple of others like -interfaces and yet
> I would say that the volume of email I'm seeing from the lists is far lower
> than normal _not_ more by a factor of 3-ish.
The # Passed is what amavisd passed through to majordomo2 ... majordomo2
then takes everything that amavisd marked as being spam and trashes those
.... and then everything that is from ppl not subscribed to the lists has
to get approved by 'the moderator', which I'm currently going through ...
only 400 more to go, 399 of which are most likely stuff amavisd didn't
catch as spam *sigh*
Oh ... also consider that a *very* large portion of the messages that
Passed are also postmaster messages for messages bounced ... I have a
filter on my mail for that to put it into its own mailbox ... since Aug
18th, there have been 12622 messages delivered to that mailbox ... and
there is also all the subscribe/unsubscribe requests ... all of which
would have been Passed through amavisd ...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: sc*****@hub.org secondary: scrappy@{freebsd|postgresql}.org
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postgresql.org