Author: Randy Bush
Date:
To: exim users
Subject: [exim] smtp flood defense
i am experiencing smtp flood attacks from seemingly random sources.
i have

    smtp_accept_max = 50
    smtp_accept_max_per_connection = 12
    smtp_accept_max_per_host = 4
    smtp_connect_backlog = 20

and ipfw

    add allow tcp from any to me smtp limit src-addr 1 setup
    add deny tcp from any to me smtp

are there other more current tricks of the trade i am missing?
thanks
randy