Unplugged

On Tuesday night the amount of spam delivered to my server dropped to about the half of the former average. My mailserver was still doing well as there were still eMails coming in. But some hours after my discovery I found the explaination in an article of the famous german online and print IT publisher heise.

The two main ISPs of the American hoster McColo pulled the plug of his internet connection. Based in California McColo supposably gave refuge for master servers of several spam bot nets. The Washington Post covered this story as well. According to IronPort, spam levels fell by 66% in this night.

It’s a pity for all reputable customers of McColo’s – sorry, but I welcome this action. I hope you’ll quickly find a new hoster.

Some months ago I set up mailgraph on my server. Mailgraph is nice mail log analyser and visualiser. It watches Postfix or Sendmail log files and creates daily, weekly, monthly and yearly graphs. I regularly check these graphs. So I discovered the unusual low mail reject rates Tuesday night already. And even days later the spam levels stay at that level. Here is my weekly graph two days after McColo went offline:

Mailgraph two days after McColo's internet connection was cut

Mailgraph two days later

But I wanted to have my own numbers. So I quickly did some calculations and compared the first McColo-offline-day (Wednesday) numbers with the former average:

  • overall connections to my mailserver dropped to 48%
  • overall rejects as well are at 48%
  • rejects because of invalid helo hostname even are at 44%
  • mail rejects from known spam sources are down to 38%
  • rejects because of invalid recipient fell to 50%

Now it even got more interesting monitoring the statistics to find out when the spam rates start to rise again. Somehow I doubt that the bot net creators will fail to even get parts of their system back under control.