[Exim] FW: Defending Against Rumplestiltskin Attacks???

Pàgina inicial
Delete this message
Reply to this message
Autor: Ilan Aisic
Data:  
A: exim-users
Assumpte: [Exim] FW: Defending Against Rumplestiltskin Attacks???
Hi list,
I was wondering if there's a way to configure Exim so that spammers or computers trying to flood us with DDoS attacks,
can be treated to a special slow connection (See below postfix setup).

--
Ilan Aisic

-----Original Message-----
From: Jon [mailto:groups@ez15loan.com]
Sent: Saturday, May 08, 2004 9:17 AM
To: spamassassin-users@???
Subject: Re: Defending Against Rumplestiltskin Attacks???


Also, if your running postfix as your MTA, you could set:

smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 6

or simular in main.cf (adjust these numbers to suit your boxes needs/mail volume). This creates a sudo tarpit effect.
I got attacked a while back for about 3 days, then they gave up. Whois showed the IP range was from a university (go
figure).

--
Regards,
Jon

Mike Hatz said:
> Hi,
>
> This might not be the right place to ask for this help, but since I am

under a spam-based attack, I figured the collective group might be able to help out or have defended against such
nonsense.
>
> My mail server is a linux machine running RH9. It has been getting

wailed on by rumplestiltskin attacks for weeks now. I have modded my sendmail.cf pretty heavily to help fight against
it with various RBLs and BAD RCPT throttles.
>
> However, my friends who are acting as my secondary mail spoolers are

getting flattened by the volume of the attack, since I suspect that it might actually be attempting to attack and relay
through the secondary MX records besides hitting the primary MX record.
>
> I have spent hours googling around to look for solutions, even a

solution that would use iptables and simply drop the inbound smtp connections for say 24-hours, if it triggers a
throttle or a 550 response in sendmail.
>
> How can I determine the root of all of this?
>
> How can I keep the secondary's from getting pummeled?
>
> Thanks for any help. I'll post a summary of all the things I have
> done

so far, as well as your answers.
>
> Mike
>