Re: [exim] Exim 4.68 defeats spammers!

Author: John W. Baxter
To: exim-users
Subject: Re: [exim] Exim 4.68 defeats spammers!

On 8/31/07 11:24 PM, "Mark Rigby-Jones" <mark.rigby-jones@???> wrote:

> On 31 Aug 2007, at 13:44, Chris Edwards wrote:
>> Do you find the same zombie IPs re-connecting sufficiently often to
>> make this worthwhile ? Or is there an effectively infinite pool of
>> zombies, each only connecting once ?
> In this particular case, they were - in fact they were even opening
> multiple simultaneous connections (until I dropped
> smtp_accept_max_per_host from 4 to 1 for off-net hosts) and re-
> connecting quite aggressively each time a connection was timed out.
> This, from numerous (dozens, certainly) different IP addresses to
> multiple mail servers on our side. After I made those changes, the
> number of concurrent connections began to drop down from being nailed
> up to the limit as it had been since the attack started, allowing
> legitimate emails to get through.

I notice that iptables is blocking and logging packets for "invalid TCP
state" from the same hosts that are pushing up the connection counts.

This has increased greatly over the past 5 days (up by a factor of 5 or so
per the logs on one server).
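
Added example, not part of the original message: one way to check the overlap described above is to count, per source IP, the connection attempts in the Exim main log against the packets iptables logged as invalid. The log lines are constructed samples, the `INVALID-TCP: ` prefix stands in for whatever `--log-prefix` your own rule uses, and the Exim lines assume connection logging (`+smtp_connection`) is enabled.

```python
import re
from collections import Counter

# Constructed sample lines using documentation address ranges; not from the thread.
EXIM_LOG = """\
2007-09-01 10:00:01 SMTP connection from [192.0.2.10] (TCP/IP connection count = 18)
2007-09-01 10:00:02 Connection from [192.0.2.10] refused: too many connections from that IP address
2007-09-01 10:00:02 Connection from [192.0.2.77] refused: too many connections from that IP address
2007-09-01 10:00:03 SMTP connection from [198.51.100.4] (TCP/IP connection count = 19)
"""
KERNEL_LOG = """\
Sep  1 10:00:02 mx1 kernel: INVALID-TCP: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4021 DPT=25
Sep  1 10:00:03 mx1 kernel: INVALID-TCP: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4022 DPT=25
Sep  1 10:00:05 mx1 kernel: INVALID-TCP: IN=eth0 OUT= SRC=203.0.113.99 DST=203.0.113.5 PROTO=TCP SPT=5000 DPT=25
Sep  1 10:00:06 mx1 kernel: INVALID-TCP: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=6000 DPT=25
"""
LOG_PREFIX = "INVALID-TCP: "  # ASSUMPTION: replace with your own --log-prefix string
EXIM_RE = re.compile(r"(?:SMTP connection|Connection) from .*?\[([0-9A-Fa-f.:]+)\]")
REFUSED = "too many connections from that IP address"  # per-host limit refusal

def exim_hosts(text):
    """Return (attempts, refused) Counters keyed by remote IP."""
    attempts, refused = Counter(), Counter()
    for line in text.splitlines():
        m = EXIM_RE.search(line)
        if m:
            attempts[m.group(1)] += 1
            if REFUSED in line:
                refused[m.group(1)] += 1
    return attempts, refused

def invalid_state_hosts(text, prefix=LOG_PREFIX):
    """Count kernel log lines carrying the iptables prefix, keyed by SRC address."""
    hits = Counter()
    for line in text.splitlines():
        m = re.search(r"\bSRC=(\S+)", line)
        if prefix in line and m:
            hits[m.group(1)] += 1
    return hits

def correlate(exim_text, kernel_text):
    """Rows of (ip, attempts, refused, invalid_packets) for hosts seen in both logs."""
    attempts, refused = exim_hosts(exim_text)
    invalid = invalid_state_hosts(kernel_text)
    rows = [(ip, attempts[ip], refused[ip], invalid[ip]) for ip in attempts.keys() & invalid.keys()]
    return sorted(rows, key=lambda r: (-r[3], -r[1], r[0]))

if __name__ == "__main__":
    print(*correlate(EXIM_LOG, KERNEL_LOG), sep="\n")
```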