Huge amount of spam from two netblocks

I noticed today that there was a significant amount of SMTP traffic to
my little box. When I looked at /var/log/daemon they had all rolled
over in less than 4-5 hours. Most of the entries were spamd reports,
all from the same netblocks.
When I query spamdb I see something like 350,000 greylisted entries to
hosts within the following netblocks:
205.209.128.0/18
208.77.40.0/21
Doing anything with spamdb (to filter or process it in some way) takes
quite a long time -- like over a minute.
Of course, every single one of these attempts has a bogus (and not
trapped) to/from email pair. Postfix would just reject these out of
hand if it ever saw them. I have no idea how long this has been going
on, but I'm seeing messages being rejected several times every second,
with a stall/stutter of just under a minute. And it has been going on
for hours -- at least all morning.
I blacklisted these netblocks (quite frankly, I don't care if there is a
legit message being passed from an IP in this range) and now my spamdb
is starting to shrink.
Anyone else seeing this? Is it possible to blow up the spamd database in
this manner, if I hadn't intervened?
At any rate, not one piece of spam got through to my MUA, and I'm
reasonably sure my MTA hasn't seen a message in days (like I said, this
is a very little box that normally sees only a few incoming messages a
week). So, kudos to spamd.
It's just a weird phenom that I thought I'd pass on.
--
clvrmnky <mailto:spamtrap@clevermonkey.org>
Direct replies to this address will be blacklisted. Replace "spamtrap"
with my name to contact me directly.
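
The per-netblock tally described in the post can be produced in one pass over spamdb output. The script below is an added example, not part of the original post: it counts GREY tuples by source netblock, using the two netblocks named above. The sample records, the script name and the threshold are constructed assumptions.

```python
import ipaddress
import sys
from collections import Counter

# The two netblocks named in the post.
WATCHED = [ipaddress.ip_network(n) for n in ("205.209.128.0/18", "208.77.40.0/21")]

# Constructed sample in spamdb's pipe-separated output format; envelope
# addresses and timestamps are invented for illustration.
SAMPLE = """\
WHITE|192.0.2.10|||1150000000|1150001500|1153000000|2|5
GREY|205.209.128.1|<a@bogus.example>|<u1@example.org>|1150000000|1150001500|1150014400|1|0
GREY|205.209.130.7|<b@bogus.example>|<u2@example.org>|1150000001|1150001501|1150014401|1|0
GREY|205.209.191.200|<c@bogus.example>|<u3@example.org>|1150000002|1150001502|1150014402|2|0
GREY|208.77.40.5|<d@bogus.example>|<u4@example.org>|1150000003|1150001503|1150014403|1|0
GREY|208.77.47.254|<e@bogus.example>|<u5@example.org>|1150000004|1150001504|1150014404|1|0
GREY|198.51.100.23|<f@other.example>|<u6@example.org>|1150000005|1150001505|1150014405|1|0
TRAPPED|203.0.113.9|1150086400
not a spamdb line
"""

def grey_by_netblock(lines, watched=WATCHED):
    """Count GREY tuples per netblock; unwatched sources bucket to /24 (/64 for IPv6)."""
    counts = Counter()
    for line in lines:
        fields = line.strip().split("|")
        # Only the record type and source IP are used, so the number of
        # trailing fields (which may differ between spamd versions) is irrelevant.
        if len(fields) < 2 or fields[0] != "GREY":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # malformed address: skip rather than abort the scan
        net = next((n for n in watched if addr in n), None)
        if net is None:
            prefix = 24 if addr.version == 4 else 64
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        counts[str(net)] += 1
    return counts

def noisy(counts, threshold):
    """Netblocks with at least `threshold` greylisted tuples, busiest first."""
    return [(n, c) for n, c in counts.most_common() if c >= threshold]

if __name__ == "__main__":
    # Usage: spamdb | python3 grey_netblocks.py   (uses the sample on a tty)
    src = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for net, count in noisy(grey_by_netblock(src), threshold=2):
        print(f"{count:8d}  {net}")
```

Reading the dump as a stream keeps memory use proportional to the number of distinct netblocks rather than to the several hundred thousand tuples.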