MyDoom.M hits

This morning about 7am PST we had MyDOOM.M hit us pretty hard. The graphs below outline what happened this morning.

At one point we were rejecting close to 2000 messages a minute as viruses. In total we blocked well over 1 million messages and countless others with firewalling.

Our mail relays also act as the primary anti-spam/anti-virus relays for mozilla.org, php.net and Freenode.

We can see from the graphs the obvious limitations in our configurations. We have some pretty good hardware but the amavisd-new processes spent far too much time chewing on bogus emails when they should have just rejected them outright. At one point I was actually /dev/null’ing postmaster@mozilla.org because of the deluge.

It’s almost 7pm PST now and the calm is settling back in. After running some numbers on “bad” clients we’re now blocking over 1300 machines from connecting to our relays (gotta love iptables). It’s not ideal, but it will get us through until things calm down.

I’ll be looking into ways to streamline or speed up the amavisd-new processes and possibly split out the virus checking before it gets to amavisd-new. It just couldn’t handle the load.

About

This is the blog of Scott Kveton, digital identity promoter, open source contributor, avid gardener, passionate pizza maker, loving husband and proud father.
