[Mimedefang] Pounded by spam

Rich West Rich.West at wesmo.com
Fri Oct 29 12:59:07 EDT 2004


>> While I know it can be easy to simply block the host, I was wondering 
>> if there was some way to avoid the problem altogether by 
>> potentially identifying hosts attempting to overload the server 
>> (Denial Of Service) by throttling down the amount of allowed inbound 
>> connections (from external sources) from a single host.
>
>
> Yes.  Sendmail >=8.13.0 has several nice options.
>
> FEATURE(`ratecontrol',`nodelay',`terminate')dnl
> FEATURE(`conncontrol')dnl
> define(`confCONNECTION_RATE_WINDOW_SIZE',`60')dnl


I was looking at those, in addition to the FEATURE(`greet_pause', <num>).

The documentation on sendmail.org's site regarding greet_pause was just 
a step above non-existent.  I didn't check the others (ratecontrol and 
conncontrol). Looking into them now.

>
> I am the SysAdmin for an ISP here in Billings.  I am unafraid of using 
> these controls and they have really helped our situation.  I limit 25 
> Connections/sec period.  I also limit 3 connections from any one 
> external host/min.


Just out of curiosity, how, exactly, are you limiting the connections 
per second and connections from external hosts/domains?

> I occasionally get the "25" connections and deferring at that rate in 
> my logs, but not enough to worry me and we handle ~200,000 emails a 
> day.  Adjust your connection/defer times accordingly to your normal load.
>
> Have fun and knock them dead at the gate.


Thanks!

-Rich
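
An added example, not part of the original posts or the sendmail distribution: one way the limits quoted above (25 connections/sec overall, 3 connections per minute from any one external host) could be expressed with the features named in the thread. Mapping the 25/sec figure to `confCONNECTION_RATE_THROTTLE` is an assumption about the quoted setup, and the 192.0.2.10 address and the `ClientConn:` value are constructed.

```m4
dnl --- sendmail.mc fragment (sendmail >= 8.13.0) ---
dnl ratecontrol and conncontrol read their limits from the access map,
dnl so access_db must be enabled.
FEATURE(`access_db')dnl
dnl First argument nodelay: do the check at connect time even when
dnl delay_checks is in use. Second argument terminate: close the
dnl connection with a 421 instead of answering 452.
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`conncontrol')dnl
dnl Window, in seconds, over which ClientRate: counts connections.
define(`confCONNECTION_RATE_WINDOW_SIZE', `60')dnl
dnl Assumption: the overall "25 connections/sec" cap is
dnl ConnectionRateThrottle (incoming connections per second, per daemon).
define(`confCONNECTION_RATE_THROTTLE', `25')dnl
dnl
dnl --- matching access map entries (rebuild the map with makemap) ---
dnl ClientRate:              3    default: 3 connections per host per window
dnl ClientRate:127.0.0.1     0    0 means unlimited (local submission)
dnl ClientRate:192.0.2.10    0    constructed address: trusted relay, exempt
dnl ClientConn:              10   constructed value: simultaneous connections per host
dnl ClientConn:127.0.0.1     0
```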


