[Mimedefang] Re: DoS Question
Sven Willenberger
sven at dmv.com
Mon Jan 3 00:08:09 EST 2005
Kevin A. McGrail wrote:
> Anyone else seeing massive sendmail connections seemingly for the sole
> purpose of a denial of service? This is less than one minute after a
> sendmail restart and we've been seeing this issue since app 6AM today.
>
> Regards,
> KAM
>
Sendmail 8.13.x has new features (and there are patches for 8.12.x) that
can throttle such connections. They are:

A) GreetPause - wherein the server delays the initial response x
seconds. Any server that starts sending traffic before this response
receives an error message (designed to stop those trojaned/virus
mailservers that blast out spam)
B) RateControl - controls how many connections per minute for each
unique IP address
C) ConnControl - controls how many simultaneous connections per given IP
address

These are all controlled via access files and can be configured with
defaults and with IP-specific exceptions.

The relevant .mc file entries:

FEATURE(`greet_pause', `5000') dnl 5 seconds
FEATURE(`ratecontrol', `nodelay', `terminate')
FEATURE(`conncontrol', `nodelay', `terminate')

Example access lines:

GreetPause:127.0.0.1 0
ClientConn:127.0.0.1 0
ClientConn: 10
ClientRate:127.0.0.1 0
ClientRate: 15

This may help some in that sendmail won't have to start processing data
over an SMTP connection if the sending IP exceeds any of the limits you
impose using the above.
hth
Sven
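
Added example, not part of the original post and not sendmail code: a simplified Python model that replays connection events against the ClientRate/ClientConn access lines quoted above, to preview which clients a given pair of limits would refuse. The 60-second window, the prefix-then-default lookup, the counting of refused attempts toward the rate, and the sample events are assumptions of this model.

```python
from collections import defaultdict, deque

# Access lines from the post above; an empty key after the tag is the default.
ACCESS = {
    "ClientConn:127.0.0.1": 0, "ClientConn:": 10,
    "ClientRate:127.0.0.1": 0, "ClientRate:": 15,
}
WINDOW = 60  # seconds; assumed window for "connections per minute"

def limit(tag, ip):
    """Model lookup: full IP, then shorter dotted prefixes, then the default."""
    parts = ip.split(".")
    for n in range(len(parts), 0, -1):
        key = f"{tag}:{'.'.join(parts[:n])}"
        if key in ACCESS:
            return ACCESS[key]
    return ACCESS.get(f"{tag}:", 0)  # 0 means no limit

def replay(events):
    """events: (time_s, ip, 'open'|'close') sorted by time.
    Returns {ip: [refused_by_rate, refused_by_conn]} for refused clients only."""
    recent = defaultdict(deque)  # ip -> attempt timestamps inside the window
    active = defaultdict(int)    # ip -> currently open connections
    refused = defaultdict(lambda: [0, 0])
    for t, ip, kind in events:
        if kind == "close":
            active[ip] = max(0, active[ip] - 1)
            continue
        q = recent[ip]
        while q and q[0] <= t - WINDOW:
            q.popleft()          # forget attempts older than the window
        q.append(t)              # every attempt counts toward the rate
        rate_max, conn_max = limit("ClientRate", ip), limit("ClientConn", ip)
        if rate_max and len(q) > rate_max:
            refused[ip][0] += 1
        elif conn_max and active[ip] >= conn_max:
            refused[ip][1] += 1
        else:
            active[ip] += 1
    return dict(refused)

# Constructed sample: a busy localhost, one flooding client, one normal client.
SAMPLE = sorted(
    [(t * 0.25, "127.0.0.1", "open") for t in range(40)]
    + [(float(t), "203.0.113.9", "open") for t in range(20)]
    + [(5.0 * t, "198.51.100.7", "open") for t in range(3)]
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Feeding it connection events extracted from your own mail logs before enabling the features shows whether legitimate high-volume peers would need their own exception lines.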