Author: Jeremy Harris Date: To: exim-users @ exim. org Subject: Re: [exim] Blocking DDOS to specific Domains
tlabs wrote: > Hi,
>
> I have a domain hosted for a client that continually gets ddos'd.
>
> For the past several months we have experienced intermitant DDOS attacks all aimed at one domain. This
> ranges from seeing up to 500,000 mails for that single domain on a daily basis.
>
> We do store and forward for that domain, essentially backup MX.
>
> I have tried a lot of different things, callout verify, block recipient domain, all apart from storing a local user
> list on our mail servers which has a high admin cost.
You need to do some form of "local" user verification.
It you truly can't maintain a list on that system,
can you use recipient callouts to the destination system
(assuming *it* is sane enough to reject, rather than bouncing,
non-users)? Or can you access its user list via LDAP?