Autor: dawnshade Data: Dla: exim-users, david Temat: Re: [exim] maximum connection DDOS
On Sunday 26 November 2006 23:41, David Daniels wrote: > I'm getting joe-jobed. Bounces from everywhere from what spammers are
> sending out using a few of my domain names.
>
> My exim stops processing incoming mail when it reaches a maximum number
> of connections and simply puts these in the log:
>
> 2006-11-26 13:59:29 SMTP connection from [64.76.163.185] (TCP/IP
> connection count = 81)
> 2006-11-26 13:59:29 SMTP connection from [207.155.252.67] (TCP/IP
> connection count = 81)
> 2006-11-26 13:59:29 SMTP connection from [207.253.169.12] (TCP/IP
> connection count = 81)
> 2006-11-26 13:59:29 SMTP connection from [88.242.17.199] (TCP/IP
> connection count = 81)
>
> It doesn't matter if I have the max connections set at 30 or a few
> hundred. The connection max is reached fairly quickly( within a minute
> or two).
>
> Does anyone have some configure settings that lets exim throttle and
> still process what it accepts? I've tried several configurations but it
> always ends in no processing. I've even tried remarking all the settings
> to accept the defaults.
>
> Here is a snip from configure:
>
> # maximum number of simultaneous incoming connections
> smtp_accept_max = 200
> smtp_accept_max_per_connection = 30
> # after number of incoming connections is exceded, all others are placed
> in queue
> smtp_accept_queue = 10
> #accept queue per connection
> smtp_accept_queue_per_connection = 10
> # max number of waiting connections
> smtp_connect_backlog = 20
> # maximum from a single ip address or per_host
> smtp_accept_max_per_host = 20
> # reserve connections for prefered hosts
> smtp_accept_reserve = 10
> # when over load_reserve, everything is queued
> smtp_load_reserve = 4
> # number of command a session can send before kicking off
> smtp_max_unknown_commands = 1
>
>
> Any ideas would be very appreciated.
>
> Thanks in advance.
>
> David
configure in main section something like this:
smtp_accept_max_per_host = 3
3 connection per host. usually it enougth for not-spammers hosts.