[Mimedefang] Pounded by spam
John
john at jjgb.com
Fri Oct 29 00:47:30 EDT 2004
At 08:58 PM 10/28/2004, you wrote:
>We just got the living daylights pounded out of us by a spam host running
>at 69.6.66.103.
Happens on occasion.
>While I know it can be easy to simply block the host, I was wondering if
>there was some way to avoid the problem all together by potentially
>identifying hosts attempting to overload the server (Denial Of Service) by
>throttling down the amount of allowed inbound connections (from external
>sources) from a single host.
Yes. Sendmail >=8.13.0 has several nice options.
FEATURE(`ratecontrol',`nodelay',`terminate')dnl
FEATURE(`conncontrol')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`60')dnl
I am the SysAdmin for an ISP here in Billings. I am unafraid of using
these controls and they have really helped our situation. I limit 25
Connections/sec period. I also limit 3 connections from any one external
host/min.
Read all about these and understand exactly what they mean in the Sendmail
Doc's. You have all kinds of options in the access file. Of course, you
open these through the access file for your authorized nets that you are an
MX for. We also use a 10 sec. delay in response that drops anything
attempting to jam mail down your throat before receiving a welcome banner
from our mail servers.
I occasionally get the "25" connections and deferring at that rate in my
logs, but not enough to worry me and we handle ~200,000 emails a
day. Adjust your connection/defer times accordingly to your normal load.
Have fun and knock them dead at the gate.
>Admittedly, this is a bit off topic.. Mimedefang.pl was the process that
>was getting hammered (and subsequently drove the CPU load to >16 before we
>shut down email all together), but I do not think that the fault lies with
>mimedefang (in fact, I don't think there is any 'fault' here).. it's more
>a configuration issue at the MTA level (in this case, sendmail).
>
>-Rich
>_______________________________________________
>Visit http://www.mimedefang.org and http://www.canit.ca
>MIMEDefang mailing list
>MIMEDefang at lists.roaringpenguin.com
>http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
John Jaeger - Billings, Montana
EMail To : <mailto:john at jjgb.com>
Home Page : <http://www.jjgb.com>
PGP:
RSA Key ID: 0xAAEC7751 <http://www.jjgb.com/public_files/RSA_Key.zip>
"Our liberty is protected by four boxes...
The ballot box, the jury box, the soap box, and the cartridge box."
- Anonymous
More information about the MIMEDefang
mailing list