Re: [Exim] exim fine-tuning

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Scott Call
Data:  
Para: Bauer, Felix
CC: Exim-users
Asunto: Re: [Exim] exim fine-tuning
On Mon, 19 Apr 2004, Bauer, Felix wrote:

> Hi,
>
> last weekend I experienced a DoS *cheer*. In fact this wasn't as

funny[...]

I hate that, sucks doesn't it? On my main exim system (Dual Xeon
2.4's, 1 gig of ram ,etc etc) I can handle the 200K delivered (+1million
bonked but RBL/Syntax/etc) pretty well, but we do see DoS/DDos attacks,
and have had to tune exim to help it survive.

To fend them off, I've implemented the following:
smtp_accept_max = 512
smtp_accept_max_per_host = 20
queue_only_load = 15
smtp_load_reserve = 15
smtp_reserve_hosts = +relay_from_hosts
deliver_queue_load_max = 10

While it may not be optimal, it does the trick. With a smaller box (and
expected connection rate) you can, of course, set the accept_max and
accept_max_per_host to lower #'s. With a per-host of 20, I still get
several times a day when a specific host tries to connect more than 20
times. When I check the logs it's usually sending spam or viruses.

The reserve stuff is there so that if the box just gets too busy, it 4xx's
outside SMTP but accepts email from my customers. This way my customer
support folks don't have to take "why isn't my outlook outbox emptying"
calls.

I'm also fairly aggressive with reject HELOs with non domain literal IPs,
and my local hostname, which kills a lot of automated attacks.

I also check a text file for explictly denied hosts with a connect ACL,
and add/subtract from that file if a specific IP is hitting me too hard.

Also, not knocking on SA-Exim (I've never used it) but maybe exiscan which
connects to spamd directly might be more efficient than spawning spamc
with every message?

Like I said, I'm sure there are better ways to do it than I have, since
I'm still learning too, but I figure it might help to share.

Thanks
-Scott

--
Scott Call    Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814