RE: [Exim] DOS/DDOS/SPAM and exim

Author: jori.hamalainen
Date:  
To: exim-users
Subject: RE: [Exim] DOS/DDOS/SPAM and exim
Hi,

Depends if spammers use many source-IP addresses? You can drop those TCP-SYN packets at router/firewall/OS-kernel-firewall. But if there are too many sources that might become quite hard.

One possibility is to make a reverse-DNS query; if that doesn't work, don't accept connections. But this is not 100% proof.

Also, if you know the IP addresses of legitimate senders (like from an internal network), you can use "smtp_reserve_hosts" and similar configuration options in Exim. But if kernel tables for TCP sessions are full, that might not work in every situation??

I don't know if Exim can drop connections via configuration options.. "smtp_max_unknown_commands" is for different situation.

BR, Jori

> -----Original Message-----
> From: exim-users-admin@???
> [mailto:exim-users-admin@exim.org] On Behalf Of Jose de Paula
> Eufrásio Junior
> Sent: 16 June 2004 14:35
> To: Lista Exim
> Subject: [Exim] DOS/DDOS/SPAM and exim
>
> Hello there.
>
> Since last night my SMTP is being hammered by various
> connections from spammers, trying to send messages to or
> through my server. Exim does a wonderful job rejecting the
> spammers, but they're so many that they are swamping the smtp
> server (max connections = 400) and not letting real email get
> to the server.
>
> Seems like exim stays forever on a connection just giving
> rejects for the host and it eventually eats all the
> connections. And that occurs from various hosts, dsl, dial
> ups, strange servers.
> I limited the max connections from IP to 3, but with no help.
>
> What strategy/configuration I can use to prevent/combat that?
>
> []s
> core
>
> --
> José de Paula Eufrásio Júnior
> Analista de Sistema | CPD
> ProInternet do Brasil
>
> --
>
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details
> at http://www.exim.org/ ##
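
An added example, not part of the original thread: an Exim 4 configuration fragment that combines the measures discussed above (the 400-connection ceiling and per-host limit of 3 from the question, reserved slots via "smtp_reserve_hosts", and a reverse-DNS check at connect time). The list name `trusted_senders`, the ACL name `acl_check_connect`, the addresses (documentation ranges) and the reserve and timeout values are assumptions to adapt.

```exim
# --- main configuration section ---

# Placeholder addresses: replace with the hosts known to send legitimate mail.
hostlist trusted_senders = 127.0.0.1 : 192.0.2.0/24

# Limits taken from the question: 400 connections in total, 3 per remote host.
smtp_accept_max = 400
smtp_accept_max_per_host = 3

# Keep 50 of the 400 slots for trusted_senders only, so known senders can
# still connect while every other slot is occupied (value is an assumption).
smtp_accept_reserve = 50
smtp_reserve_hosts = +trusted_senders

# Give up on silent clients sooner than the 5m default so stalled sessions
# release their slot (value is an assumption; very short timeouts can cut
# off slow but legitimate senders).
smtp_receive_timeout = 2m

# Run an ACL as soon as a connection arrives, before any SMTP command.
acl_smtp_connect = acl_check_connect

# --- ACL section ---
begin acl

acl_check_connect:
  # Known senders skip the DNS check.
  accept hosts = +trusted_senders

  # "drop" refuses and closes the connection immediately, freeing the slot.
  # As noted in the reply, this check is not 100% proof: hosts with broken
  # reverse DNS but legitimate mail are refused as well.
  drop   message = reverse DNS lookup failed for $sender_host_address
         !verify = reverse_host_lookup

  accept
```

These settings only act once Exim has accepted the TCP connection; if the kernel's connection tables are already full, filtering has to happen at the firewall or router, as the reply points out.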