[Mimedefang] Pounded by spam

John john at jjgb.com
Fri Oct 29 00:47:30 EDT 2004


At 08:58 PM 10/28/2004, you wrote:
>We just got the living daylights pounded out of us by a spam host running 
>at 69.6.66.103.

Happens on occasion.


>While I know it can be easy to simply block the host, I was wondering if 
>there was some way to avoid the problem altogether by potentially 
>identifying hosts attempting to overload the server (Denial Of Service) by 
>throttling down the amount of allowed inbound connections (from external 
>sources) from a single host.

Yes.  Sendmail >=8.13.0 has several nice options.

FEATURE(`ratecontrol',`nodelay',`terminate')dnl
FEATURE(`conncontrol')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`60')dnl

I am the SysAdmin for an ISP here in Billings.  I am unafraid of using 
these controls and they have really helped our situation.  I limit 25 
Connections/sec period.  I also limit 3 connections from any one external 
host/min.

Read all about these and understand exactly what they mean in the Sendmail 
docs.  You have all kinds of options in the access file.  Of course, you 
open these through the access file for your authorized nets that you are an 
MX for.  We also use a 10 sec. delay in response that drops anything 
attempting to jam mail down your throat before receiving a welcome banner 
from our mail servers.

I occasionally get the "25" connections and deferring at that rate in my 
logs, but not enough to worry me and we handle ~200,000 emails a 
day.  Adjust your connection/defer times accordingly to your normal load.

Have fun and knock them dead at the gate.


>Admittedly, this is a bit off topic.. Mimedefang.pl was the process that 
>was getting hammered (and subsequently drove the CPU load to >16 before we 
>shut down email altogether), but I do not think that the fault lies with 
>mimedefang (in fact, I don't think there is any 'fault' here).. it's more 
>a configuration issue at the MTA level (in this case, sendmail).
>
>-Rich


John Jaeger - Billings, Montana

EMail To	: <mailto:john at jjgb.com>
Home Page	: <http://www.jjgb.com>

PGP:
RSA Key ID: 0xAAEC7751  <http://www.jjgb.com/public_files/RSA_Key.zip>

"Our liberty is protected by four boxes...
     The ballot box, the jury box, the soap box, and the cartridge box."
                                    - Anonymous
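
The reply above advises adjusting the connection limits to your normal load. The following is an added example, not part of the original post or of sendmail: it measures each external host's peak connections per rate window from a mail log so a per-host limit can be chosen from real traffic. The log line shape, host names and addresses are constructed assumptions; adjust the regex to what your MTA actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample log (documentation addresses); the line shape is an assumption.
SAMPLE_LOG = """\
Oct 28 20:58:01 mx1 sm-mta[4101]: NOQUEUE: connect from host-a.example [192.0.2.10]
Oct 28 20:58:02 mx1 sm-mta[4102]: NOQUEUE: connect from host-b.example [198.51.100.7]
Oct 28 20:58:03 mx1 sm-mta[4103]: NOQUEUE: connect from inside.example [10.0.0.5]
Oct 28 20:58:05 mx1 sm-mta[4104]: NOQUEUE: connect from host-a.example [192.0.2.10]
Oct 28 20:58:20 mx1 sm-mta[4105]: NOQUEUE: connect from host-a.example [192.0.2.10]
Oct 28 20:58:40 mx1 sm-mta[4106]: NOQUEUE: connect from host-a.example [192.0.2.10]
Oct 28 20:59:10 mx1 sm-mta[4107]: NOQUEUE: connect from host-a.example [192.0.2.10]
"""

CONNECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*\bconnect from\s.*"
    r"\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]")

def peak_rates(lines, window=60, exempt=(), year=2004):
    """Return {ip: most connections seen in any `window`-second span}.

    `exempt` lists networks you relay for, which would be opened up in the
    access file and so are left out. Lines must be in chronological order.
    """
    nets = [ip_network(n) for n in exempt]
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    peaks = defaultdict(int)
    for line in lines:
        m = CONNECT_RE.match(line)
        if not m:
            continue
        ip = ip_address(m["ip"])
        if any(ip in n for n in nets):
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[str(ip)]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:
            q.popleft()                  # drop connects older than the window
        peaks[str(ip)] = max(peaks[str(ip)], len(q))
    return dict(peaks)

def over_limit(peaks, limit):
    """Hosts whose peak exceeds a candidate per-host limit."""
    return sorted(ip for ip, n in peaks.items() if n > limit)

if __name__ == "__main__":
    p = peak_rates(SAMPLE_LOG.splitlines(), window=60, exempt=("10.0.0.0/8",))
    print(p, over_limit(p, 3))
```

Run it over a day of normal traffic with the same window as confCONNECTION_RATE_WINDOW_SIZE; legitimate hosts that show up in over_limit indicate the candidate limit is too tight for your load.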



