Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Pàgina inicial
Delete this message
Reply to this message
Autor: David Saez Padros
Data:  
A: Hill Ruyter
CC: exim users
Assumpte: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
Hi !!

> I will just throw in a non-SMTP solution here
>
> If you treat this sudden peak in traffic hitting your servers as a DDOS to
> your infrastructure then the best place to stop it is at the ingress to your
> network. So you have the firewall do one or more of a number of things
>
> Limit the number of concurrent SMTP sessions fro anywhere to your mail
> servers
> Limit the number of new SMTP sessions per second
> Limit the number of SMTP sessions from a single IP
> Limit the amount of bandwidth SMTP can consume on the network


exim can done most of this itself, also we use a cdb based white/blacklist
at smtp_connect so we can delay non-whitelisted hosts on peak times
and accept mail comming from whitelisted ones. On a really bad situation
this allows to get mail working (at least for whitelisted hosts) and
fast reject anything else

--
Best regards ...

The brain you have reached is out of order at this time.

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------