[Mimedefang] New Sober version bringing MD to its knees?
David F. Skoll
dfs at roaringpenguin.com
Fri Nov 25 12:43:11 EST 2005
Fernando Gleiser wrote:
> It worked flawlessly until the last version of sober hit it a couple of
> days ago. Since then that piece of cr*p is hitting it with bursts
> where the server gets 60+ mails in less than 10seconds, so MD runs out
> of slaves.
You might want to set the ConnectionRateThrottle parameter in Sendmail
(confCONNECTION_RATE_THROTTLE in sendmail.mc) quite low, like to around 3.
That delays connections if more than 3/second come in. While it
still doesn't really prevent the DoS, it can smooth the load on the machine.
Or you can use Sendmail 8.13's more fine-grained rate_control features so
that any one IP address can't open too many connections too quickly.
But your solution of blocking offending IPs in access.db is probably
a good one for now.
More information about the MIMEDefang