Hi list,
I was wondering if there's a way to configure Exim so that spammers or computers trying to flood us with DDoS attacks,
can be treated to a special slow connection (See below postfix setup).
--
Ilan Aisic
-----Original Message-----
From: Jon [
mailto:groups@ez15loan.com]
Sent: Saturday, May 08, 2004 9:17 AM
To: spamassassin-users@???
Subject: Re: Defending Against Rumplestiltskin Attacks???
Also, if your running postfix as your MTA, you could set:
smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 6
or simular in main.cf (adjust these numbers to suit your boxes needs/mail volume). This creates a sudo tarpit effect.
I got attacked a while back for about 3 days, then they gave up. Whois showed the IP range was from a university (go
figure).
--
Regards,
Jon
Mike Hatz said:
> Hi,
>
> This might not be the right place to ask for this help, but since I am
under a spam-based attack, I figured the collective group might be able to help out or have defended against such
nonsense.
>
> My mail server is a linux machine running RH9. It has been getting
wailed on by rumplestiltskin attacks for weeks now. I have modded my sendmail.cf pretty heavily to help fight against
it with various RBLs and BAD RCPT throttles.
>
> However, my friends who are acting as my secondary mail spoolers are
getting flattened by the volume of the attack, since I suspect that it might actually be attempting to attack and relay
through the secondary MX records besides hitting the primary MX record.
>
> I have spent hours googling around to look for solutions, even a
solution that would use iptables and simply drop the inbound smtp connections for say 24-hours, if it triggers a
throttle or a 550 response in sendmail.
>
> How can I determine the root of all of this?
>
> How can I keep the secondary's from getting pummeled?
>
> Thanks for any help. I'll post a summary of all the things I have
> done
so far, as well as your answers.
>
> Mike
>