Sooner or later it might happen to you: a spammer or a virus is using one of your email addresses as From: address, and you get thousands of non-delivery reports from all around the world.
Mail servers try to deliver mail as fast as possible, and so they open more than one connection to your mail server. If a server has thousands of non-delivery reports queued for you, that server alone can easily push your server to its limit with spam filtering and anti-virus checking for several hours. During this time, your legitimate incoming mail traffic might be slowed down to a trickle.
CleanMail provides the means to reduce the impact of this problem.
If you take a look into the CleanMail log, or in the "top senders" list, you will usually find a pattern: only a few badly configured mail hosts are the source of these mails.
Sometimes it might help to send the administrator of these sites a mail to inform them of the errors of their ways (they could have rejected the mail outright, instead of accepting it and sending a non-delivery report to the wrong person afterwards), but this is rarely successful.
Instead, put the name or the IP address of the offending mail host onto your host blacklist. After restarting the CleanMail service, every attempt to send a message to your site from this host will fail with an error response. After a few days you can try to revoke this restriction.
The host blacklist setting also supports wildcard characters: use 11.22.33.* or similar to reject IP address ranges, or *.firstname.lastname@example.org to reject multiple servers by name.
Unless you are a spammer yourself, any mail you send should not result in the return of more than a few non-delivery reports. Whenever a mail server tries to send you 5 non-delivery reports at the same time, it is safe to assume that you don't want to receive them. By setting HostNDRConnectionCount to a small numeric value (in the range of 1..2), only 1..2 simultaneous connections sending a non-delivery report are allowed; all others are delayed with a temporary error response. This way, no non-delivery report is lost, while a single server can no longer use up your mail server's resources just with (in most cases useless) non-delivery reports.
In this case, you can use only host names when configuring the host blacklist. To prevent you from shooting yourself in the foot (by blocking all incoming mail), IP addresses in a private network will be silently ignored by CleanMail.
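The two controls described above, the wildcard host blacklist and the HostNDRConnectionCount limit, modeled as an added example that is not CleanMail's own code. It assumes a non-delivery report is recognized by its empty envelope sender and uses SMTP reply codes 554 and 451 for the permanent and temporary error responses; the page specifies neither. Class names, function names and the sample hosts are constructed.

```python
import fnmatch
from collections import Counter

class NdrPolicy:
    """Model of the host blacklist and the per-host NDR connection limit."""

    def __init__(self, blacklist, ndr_connection_count):
        self.blacklist = [p.lower() for p in blacklist]
        self.limit = ndr_connection_count  # plays the role of HostNDRConnectionCount
        self.active = Counter()            # host IP -> open NDR connections

    def blacklisted(self, ip, hostname):
        # Wildcards are matched against both the IP address and the host name.
        return any(fnmatch.fnmatchcase(ip, p) or fnmatch.fnmatchcase(hostname.lower(), p)
                   for p in self.blacklist)

    def on_mail_from(self, ip, hostname, envelope_sender):
        """Return (smtp_code, slot_taken) for a message arriving on a new connection."""
        if self.blacklisted(ip, hostname):
            return 554, False              # permanent error (code is an assumption)
        if envelope_sender != "":          # assumption: an NDR has a null sender
            return 250, False              # ordinary mail is not limited here
        if self.active[ip] >= self.limit:
            return 451, False              # temporary error: the sender retries later
        self.active[ip] += 1
        return 250, True

    def on_close(self, ip, slot_taken):
        if slot_taken:
            self.active[ip] -= 1           # free the slot for the next NDR

def simulate():
    """Constructed scenario: one host opens 5 simultaneous NDR connections."""
    policy = NdrPolicy(["11.22.33.*", "*.bad.example"], ndr_connection_count=2)
    host = ("198.51.100.7", "mx.isp.example")
    results = [policy.on_mail_from(*host, "") for _ in range(5)]
    codes = [code for code, _ in results]
    policy.on_close(host[0], results[0][1])                       # one NDR finishes
    codes.append(policy.on_mail_from(*host, "")[0])               # deferred NDR retried
    codes.append(policy.on_mail_from(*host, "alice@isp.example")[0])  # normal mail
    codes.append(policy.on_mail_from("11.22.33.44", "relay.other.example", "")[0])
    codes.append(policy.on_mail_from("203.0.113.9", "mx1.bad.example", "bob@bad.example")[0])
    return codes

if __name__ == "__main__":
    print(simulate())
```

The deferred reports are accepted once a slot frees up, which is why the limit loses no non-delivery report while capping the load a single host can generate.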