[Mimedefang] Tuning for taking mail from qmail - practically denial of service

Lucas Albers admin at cs.montana.edu
Mon Apr 19 12:48:16 EDT 2004


You could also use the Gentoo ipblock script to just block connections
from one particular machine.
Example syntax:
ipblock 145.xx.22.22 on

This dynamically inserts the block in the correct place in iptables.

To remove it from the firewall, run:
ipblock 145.xx.22.22 off

Or, an even more fine-grained way to block:
you could limit the number of simultaneous TCP connections to port 25.

host-tcplimit PORT RATE {second/minute/hour/day} {on/off}
Description: Limits rate of incoming TCP connections to local PORT

Or you could use greylisting to tempfail connections if you receive more
than N connections from the same IP address in a given period of time.

(too much effort to code up, imo.)

Or a Perl script that monitors the number of connections and then
dynamically adds in a choke on that connection, and then does a clean on
the machines it's blocking every few minutes.
(I'm working on a Perl script to do this, as I encounter a similar problem to
this.)


David F. Skoll said:
> On Fri, 16 Apr 2004, Alton Yu wrote:
>
>> As some of you probably know, qmail sends a lot of mail at a time and
>> does not do connection caching, so it'll just hit the box with 15 or so
>> mails at a time if the mail is destined for that specific host.
>
>> My mail server seems to keep running out of slaves every time the sender
>> does a queue run and 1/2 of it doesn't finish, so it'll just take my box
>> out momentarily for 5 minutes at a time.
>
> Take a look at the new notification facility in 2.42.  When you run out of
> slaves, you can add a firewall rule to reject connections on port 25.
> That makes qmail give up quickly without overburdening your server.
>
> David.



-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
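The "monitor connections, choke the noisy IP, clean up every few minutes" approach described in the message above, written out as an added example. It is not the poster's Perl script and not MIMEDefang code; it is a Python sketch of the same idea. The thresholds (more than 10 connections in 60 seconds, block for 300 seconds), the one-line "epoch ip" log format, the 192.0.2.x sample addresses and the exact iptables rule shape are all assumptions made here, not taken from the thread.

```python
"""Per-IP SMTP connection-rate monitor that adds and expires iptables chokes.

Added example (not code from the mailing-list post or from MIMEDefang).
Thresholds, the log line format and the sample addresses are assumptions.
"""
from collections import defaultdict, deque
import re
import subprocess


def iptables_rule(action, ip):
    """Build the iptables command that rejects (or stops rejecting) SMTP from one IP.

    REJECT with a TCP reset makes the sending MTA fail the connection at once
    instead of waiting out a dropped SYN, so a burst of parallel deliveries
    clears quickly rather than tying up the sender and the receiver.
    """
    return ["iptables", action, "INPUT", "-p", "tcp", "--dport", "25",
            "-s", ip, "-j", "REJECT", "--reject-with", "tcp-reset"]


class ConnectionChoker:
    """Sliding-window connection counter per source IP with time-limited blocks."""

    def __init__(self, max_conns=10, window=60, block_ttl=300, run=subprocess.run):
        self.max_conns = max_conns        # connections allowed per window before choking
        self.window = window              # window length in seconds
        self.block_ttl = block_ttl        # seconds a choke stays in the firewall
        self.run = run                    # injectable: a dry run can collect rules instead
        self.events = defaultdict(deque)  # ip -> timestamps of recent connections
        self.blocked = {}                 # ip -> timestamp at which its choke expires

    def observe(self, ip, now):
        """Record one inbound connection. Returns True if this one triggered a choke."""
        if ip in self.blocked:
            return False
        seen = self.events[ip]
        seen.append(now)
        # Forget connections that have fallen out of the window.
        while seen and now - seen[0] > self.window:
            seen.popleft()
        if len(seen) > self.max_conns:
            self.blocked[ip] = now + self.block_ttl
            self.run(iptables_rule("-I", ip))
            return True
        return False

    def clean(self, now):
        """Remove chokes whose TTL has passed (the periodic cleanup). Returns the IPs unblocked."""
        expired = sorted(ip for ip, until in self.blocked.items() if until <= now)
        for ip in expired:
            self.run(iptables_rule("-D", ip))
            del self.blocked[ip]
            self.events.pop(ip, None)  # count afresh once the block lifts
        return expired


# Constructed connection log, one line per accepted SMTP connection: "<epoch> <ip>".
# 192.0.2.10 behaves like the qmail box in the thread (15 parallel deliveries in a
# 30-second burst); 192.0.2.20 is an ordinary sender.  Not real data.
SAMPLE_LOG = "\n".join(
    [f"{1000 + 2 * i} 192.0.2.10" for i in range(15)]
    + [f"{1005 + 20 * i} 192.0.2.20" for i in range(3)]
)

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def replay(log_text, choker):
    """Feed log lines into the choker in timestamp order; returns (ts, ip) of each choke."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m["ts"]), m["ip"]))
    events.sort()
    choked = []
    for ts, ip in events:
        if choker.observe(ip, ts):
            choked.append((ts, ip))
    return choked


if __name__ == "__main__":
    issued = []
    choker = ConnectionChoker(run=issued.append)  # dry run: collect rules, do not apply them
    print("choked:", replay(SAMPLE_LOG, choker))
    print("cleaned:", choker.clean(1428))
    for cmd in issued:
        print(" ".join(cmd))
```

In a real deployment observe() would be fed from the MTA log or from `ss`/`netstat` output, clean() would run from a timer or cron every few minutes, and the default `run=subprocess.run` would need root to change iptables. The choke fires on the 11th connection inside the window rather than the first, so a sender that is merely busy is never touched, and because the check is done in the firewall the MTA's slaves are never consumed by the rejected connections.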