Hi Randy
Randy Bush wrote:
> i am being smtp flooded from numerous sources.
>
> i have
>
> smtp_accept_max_per_host = 4
>
> yet
>
> netstat -nf inet \
> | awk '$4 ~ /\.25$/ {split($5, a, "[.]"); print a[1]"."a[2]"."a[3]"."a[4]}' \
> | sort | uniq -c | sort -nr | awk '$1 > 1' | head -4
>
> shows
>
> 19 78.3.64.138
> 14 125.25.31.62
> 10 58.186.134.147
> 10 123.19.248.195
>
> so clearly i am not understanding something. clue bat, please.
>
I assume you run exim as a daemon and not from inetd, otherwise I think
this does not work.
Furthermore, do you see the log file showing the rejected connections, like:
2007-11-10 02:06:30 Connection from [xx.xx.xx.xx] refused: too many connections from that IP address
If yes, you are probably counting not only the connections in ESTABLISHED
state but also those in TIME_WAIT, FIN_WAIT_2, etc.
Try this:
    netstat -nf inet $* | grep -v " $" | grep -v "LISTEN$"
to display all connections except the listening ones, as a quick
check of what is going on inbound-wise.
Oliver
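
Added example, not part of the original messages: a per-host count of inbound port 25 connections split into ESTABLISHED and all other TCP states, so the number compared with smtp_accept_max_per_host is not inflated by TIME_WAIT or FIN_WAIT_2 sockets. The function names, the sample addresses and the choice to compare only ESTABLISHED against the limit are assumptions based on the reply above; the input is BSD-style `netstat -nf inet` output as used in the thread.

```shell
#!/bin/sh
# Added example: per-remote-host SMTP connection counts split by TCP state.
# Assumption: only ESTABLISHED sockets are compared with the per-host limit.
smtp_conn_by_state() {
    # $1 = per-host limit to compare against (e.g. smtp_accept_max_per_host)
    awk -v limit="$1" '
        $1 ~ /^tcp/ && $4 ~ /\.25$/ && $6 != "LISTEN" {
            ip = $5
            sub(/\.[0-9]+$/, "", ip)      # strip the trailing .port
            total[ip]++
            if ($6 == "ESTABLISHED") est[ip]++
        }
        END {
            for (ip in total) {
                e = est[ip] + 0
                flag = (e > limit) ? "OVER" : "ok"
                printf "%s established=%d other=%d %s\n", ip, e, total[ip] - e, flag
            }
        }' | sort
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.25          198.51.100.7.40112     ESTABLISHED
tcp4       0      0  192.0.2.10.25          198.51.100.7.40113     ESTABLISHED
tcp4       0      0  192.0.2.10.25          198.51.100.7.40101     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40102     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40103     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40104     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40105     FIN_WAIT_2
tcp4       0      0  192.0.2.10.25          203.0.113.9.51001      ESTABLISHED
tcp4       0      0  192.0.2.10.25          203.0.113.9.51002      ESTABLISHED
tcp4       0      0  192.0.2.10.25          203.0.113.9.51003      ESTABLISHED
tcp4       0      0  192.0.2.10.25          203.0.113.9.51004      ESTABLISHED
tcp4       0      0  192.0.2.10.25          203.0.113.9.51005      ESTABLISHED
tcp4       0      0  192.0.2.10.51000       203.0.113.50.25        ESTABLISHED
tcp4       0      0  *.25                   *.*                    LISTEN
EOF
}

sample_netstat | smtp_conn_by_state 4
```

On a live host, replace `sample_netstat` with `netstat -nf inet`; the outbound connection and the listening socket in the sample are skipped by the filter.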