[Mimedefang] OT: sendmail limit connections

Ben Kamen bkamen at benjammin.net
Wed Feb 23 14:40:59 EST 2005


Arthur Corliss wrote:
> 
> From what you're saying, then, that would only work for him if he knows the
> IP/networks he's getting hit by ahead of time.  It doesn't sound like it would
> prevent rate-limit connections from *any* IP address.  For that you'd really
> need to keep track of simultaneous connects per IP.
> 

Well, he originally said, "this one"... implying he knows specifically who...

Although, if he's being pummeled by random addresses, the ConnectRate, 
ClientConn and such would help him on a global scale.


In any case, I have a script I use for abusive stuff like that that's in TCL 
and can be modified for really any kind of abuse seen via the log files... It 
blackholes (null routes) the offender for any time the user wishes. Right now 
I only use it against SMTP RCPT_TO: floods where sendmail tosses out the log 
message with the IP and I blackhole it for a week.

  -Ben
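
Added example, not part of the original message and not Ben's Tcl script: a Python sketch of the log-driven blackholing described above, which builds null-route commands for a week-long block without executing them. The log wording, the two-hit threshold, the `NEVER_BLOCK` ranges and the iproute2 `ip route ... blackhole` syntax are assumptions; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed wording of sendmail's RCPT-flood log line; match it to your own logs.
FLOOD_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]: Possible SMTP RCPT flood")

# Networks that must never be null-routed (assumed: loopback plus our own relay range).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.0/24")]

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = """\
Feb 23 14:01:02 mx sendmail[2101]: j1NJ12ab002101: a.example.net [192.0.2.45]: Possible SMTP RCPT flood, throttling.
Feb 23 14:01:09 mx sendmail[2101]: j1NJ12ab002101: a.example.net [192.0.2.45]: Possible SMTP RCPT flood, throttling.
Feb 23 14:02:30 mx sendmail[2107]: j1NJ2Ucd002107: b.example.org [203.0.113.9]: Possible SMTP RCPT flood, throttling.
Feb 23 14:03:11 mx sendmail[2110]: j1NJ3Bef002110: relay.example.com [198.51.100.7]: Possible SMTP RCPT flood, throttling.
Feb 23 14:03:12 mx sendmail[2110]: j1NJ3Bef002110: relay.example.com [198.51.100.7]: Possible SMTP RCPT flood, throttling.
Feb 23 14:04:00 mx sendmail[2113]: j1NJ40gh002113: bogus [999.1.1.1]: Possible SMTP RCPT flood, throttling.
Feb 23 14:04:00 mx sendmail[2113]: j1NJ40gh002113: bogus [999.1.1.1]: Possible SMTP RCPT flood, throttling.
"""

def find_offenders(log_text, min_hits=2):
    """Return sorted address strings logged for RCPT floods at least min_hits times."""
    hits = Counter()
    for m in FLOOD_RE.finditer(log_text):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a valid address: never let log text reach a command
        if not any(ip in net for net in NEVER_BLOCK):
            hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

def plan_blackholes(log_text, now, days=7):
    """Build (add command, delete command, expiry) per offender; nothing is executed."""
    plan = []
    for ip in find_offenders(log_text):
        addr = ipaddress.ip_address(ip)
        tool = "ip -6 route" if addr.version == 6 else "ip route"
        target = f"{ip}/{addr.max_prefixlen}"
        plan.append((f"{tool} add blackhole {target}",
                     f"{tool} del blackhole {target}",
                     now + timedelta(days=days)))
    return plan

if __name__ == "__main__":
    for add, delete, expires in plan_blackholes(SAMPLE_LOG, datetime(2005, 2, 23, 14, 40)):
        print(f"{add}   # remove after {expires:%Y-%m-%d %H:%M} with: {delete}")
```

Parsing each address with `ipaddress` before it reaches a command string, and checking it against an allowlist, keeps a forged or malformed log entry from null-routing your own relays.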


