Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
We currently have a domain that gets 3.5 Million directory harvesting spam messages a month. We have a SMTP filter in front of the current mail server just for this reason.
How does Zimbra handle directory harvesting and could it handle the existing volume? The network edition seems to be what we want but I am concerned about this.
as long as you don't set catchall for the domain, postfix should reject this before amavis handoff, so the hit should be negligable. still, that's a fair amount of hits, can you not keep the filter in place? if not, with reasonable hardware it should cope fine - it works out to just over 1 a second which isn't too bad.
Since Zimbra can handle multiple domains we were thinking of combing them. The filter would be sort of redundant at that point. Yes we can keep it there however.
I wish we could affectively deal with that domain. It stinks that all the owners of the company use it for just them. CPU time on the machine that it runs on hovers around 65% all the time. Trend Micro will be releasing a BotNet tool next month and Spamhaus will be doing something soon too. Not soon enough.
i'm very surprised that little over 1 spam a second that should easily be rejected by a (cached) lookup map should load the cpu so highly. unless i'm missing something, a domain that caters for a few company owners, with catchall turned off, should be very easy to deal with such dictionary attacks.
with zimbra/postfix I've seen domains with catchall turned on certainly kill the machine quickly like this primarily because of the antivirus/spam checks, but for other domains without catchall i've seen very large dictionary attacks (thousands/hr) dealt without the machine batting an eyelid, and it's very underspecced too.
Bugzilla
Wiki
Source
Antispam capacity/performance 
Linear Mode
