[exim] maximum connection DDOS

Author: David Daniels
Date:  
To: exim-users
Subject: [exim] maximum connection DDOS
I'm getting joe-jobbed. Bounces from everywhere from what spammers are
sending out using a few of my domain names.

My exim stops processing incoming mail when it reaches a maximum number
of connections and simply puts these in the log:

2006-11-26 13:59:29 SMTP connection from [64.76.163.185] (TCP/IP connection count = 81)
2006-11-26 13:59:29 SMTP connection from [207.155.252.67] (TCP/IP connection count = 81)
2006-11-26 13:59:29 SMTP connection from [207.253.169.12] (TCP/IP connection count = 81)
2006-11-26 13:59:29 SMTP connection from [88.242.17.199] (TCP/IP connection count = 81)

It doesn't matter if I have the max connections set at 30 or a few
hundred. The connection max is reached fairly quickly (within a minute
or two).

Does anyone have some configure settings that let exim throttle and
still process what it accepts? I've tried several configurations but it
always ends in no processing. I've even tried remarking all the settings
to accept the defaults.

Here is a snip from configure:

# maximum number of simultaneous incoming connections
smtp_accept_max = 200
# maximum number of messages accepted per connection
smtp_accept_max_per_connection = 30
# after number of incoming connections is exceeded, all others are placed in queue
smtp_accept_queue = 10
# accept queue per connection
smtp_accept_queue_per_connection = 10
# max number of waiting connections
smtp_connect_backlog = 20
# maximum from a single ip address or per_host
smtp_accept_max_per_host = 20
# reserve connections for preferred hosts
smtp_accept_reserve = 10
# when over load_reserve, everything is queued
smtp_load_reserve = 4
# number of commands a session can send before kicking off
smtp_max_unknown_commands = 1


Any ideas would be very appreciated.

Thanks in advance.

David
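
Added example, not part of the original post and not Exim code: a Python summary of "SMTP connection from" lines in the format quoted above, reporting how many distinct hosts are connecting, the peak logged connection count, and the share taken by the busiest host. The function name, the accept_max parameter and the result keys are assumptions made for this example.

```python
import re
from collections import Counter

# Line format as quoted in the post. An optional hostname/HELO before the
# bracketed address and an optional :port after it are tolerated.
CONN_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2}\S* (?:\[\d+\] )?"
    r"SMTP connection from [^\[]*\[(?P<ip>[^\]]+)\]\S* "
    r"\(TCP/IP connection count = (?P<count>\d+)\)"
)


def summarise(lines, accept_max):
    """Summarise inbound SMTP connection lines from an Exim main log.

    accept_max is the configured smtp_accept_max to compare against
    (hypothetical parameter name, chosen for this example).
    """
    per_minute, per_host, peak = Counter(), Counter(), 0
    for line in lines:
        m = CONN_RE.match(line)
        if m is None:
            continue  # not a connection line (delivery, rejection, ...)
        per_minute[m["minute"]] += 1
        per_host[m["ip"]] += 1
        peak = max(peak, int(m["count"]))
    total = sum(per_host.values())
    busiest = per_host.most_common(1)
    return {
        "connections": total,
        "distinct_hosts": len(per_host),
        "peak_count": peak,
        "reached_max": total > 0 and peak >= accept_max,
        "busiest_minute": max(per_minute.values(), default=0),
        "busiest_host_share": busiest[0][1] / total if total else 0.0,
    }


# The four log lines from the post, unwrapped.
SAMPLE = [
    "2006-11-26 13:59:29 SMTP connection from [64.76.163.185] (TCP/IP connection count = 81)",
    "2006-11-26 13:59:29 SMTP connection from [207.155.252.67] (TCP/IP connection count = 81)",
    "2006-11-26 13:59:29 SMTP connection from [207.253.169.12] (TCP/IP connection count = 81)",
    "2006-11-26 13:59:29 SMTP connection from [88.242.17.199] (TCP/IP connection count = 81)",
]

if __name__ == "__main__":
    for key, value in summarise(SAMPLE, accept_max=200).items():
        print(f"{key}: {value}")
```

A low busiest_host_share spread over many distinct hosts means the connections come from many sources at once, which a per-host cap such as smtp_accept_max_per_host does not limit.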