Re: [Exim] FW: Defending Against Rumplestiltskin Attacks???

Góra strony
Delete this message
Reply to this message
Autor: Stephen Gran
Data:  
Dla: exim-users
Temat: Re: [Exim] FW: Defending Against Rumplestiltskin Attacks???
On Sun, May 09, 2004 at 05:11:49PM +0200, Ilan Aisic said:
> Hi list, I was wondering if there's a way to configure Exim so that
> spammers or computers trying to flood us with DDoS attacks, can be
> treated to a special slow connection (See below postfix setup).


I don't know postfix, but I use the following:
  # too many bad recipients in one transaction
  defer  message   = Too many bad recipients ${eval:$rcpt_fail_count} \
                    out of $rcpt_count
        !hosts     = +no_check_hosts
        condition = ${if > {${eval:$rcpt_fail_count}}{5}{yes}{no}}
        delay = 20s


no_check_hosts is a list of hosts that I know routinely send mailing
list email and other many user type email transactions, and are
exempted from this check on the basis that I trust, at least to some
extent, that they are not being used as zombie spam senders. The exim
list server, the debian mailing list servers, you get the idea.

But that only handles dictionary attacks coming from a single
connection. You'd have to implement something like grey listing to
get these benefits across connections.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | I don't want to live on in my work, I   |
|  steve@???             | want to live on in my apartment.   --   |
|  http://www.lobefin.net/~steve | Woody Allen                             |

--------------------------------------------------------------------------