Off-Topic: Re: [Mimedefang] Re: DoS Question - Sendmail 8.13 hints

[Kevin A. McGrail]

Thanks a lot Sven.  This is some great information below!

I definitely want to look at 8.13.X soon.  Out of interest, do you know if 
you can finally do something like this in the virtusertable?  I know that 
was something they were really looking at but I've been caught up more in 
some of the RBL work for anti-SPAM for the last few months than I planned.

bob.*@microsoft.com     error: Nouser No one named bob works here anymore?

Happy New Year,

KAM

----- Original Message ----- From: "Sven Willenberger" <sven at dmv.com>

> Sendmail 8.13.x has new features (and there are patches for 8.12.x) that 
> can throttle such connections. They are:
>
> A) GreetPause - wherein the server delays the initial response x seconds. 
> Any server that starts sending traffic before this response receieves an 
> error message (designed to stop those trojaned/virus mailservers that 
> blast out spam)\
>
> B) RateControl - controls how many connections per minute for each unique 
> ip address
>
> C) ConnControl - controls how many simultaneous connections per given ip 
> address
>
> These are all controlled via access files and can be configured with 
> defaults and with ip specific exceptions;
>
> The relevant .mc file entries:
> FEATURE(`greet_pause', `5000')  dnl 5 seconds
> FEATURE(`ratecontrol', `nodelay', `terminate')
> FEATURE(`conncontrol', `nodelay', `terminate')
>
> example access lines:
> GreetPause:127.0.0.1    0
> ClientConn:127.0.0.1            0
> ClientConn:             10
> ClientRate:127.0.0.1            0
> ClientRate:             15