John Carlson wrote:
> Hello to all.. I'm having an issue with people DOSing my server.. here
> is the thing.. I can't get an answer to see if I can block ip's like as
> the way Denyhosts works with ssh.. I mean.. I have rbls and spammassasin
> setup with my exim.. and that all works.. but I want to know.. is there
> a way to block people trying to relay through me.. or just allow
> authenticated users (valid email addresses on my server) to relay..? I
> mean.. this is becoming a pain.. they are sending spam.. and it is
> slowing down my smtp which makes my clients mad when they try to send a
> 200k file and it takes 3 minutes because my server is being nailed to
> the wall by these DOS's..
>
> thanks in advance..
>
>
>
You should probably look at using your firewall or talking to your ISP.
Why waste time by letting the connection get all the way through to exim
to drop? iptables (or your OS's packet filtering) can reject or drop the
packets as they arrive (dropping will use less of your upstream
bandwidth, but will generally result in a retry therefore using more
downstream). Of course even if you filter at your end, your link could
well remain saturated, so talk to your ISP and see if they will filter
before the traffic is routed onto your link.
Incidentally, the default exim config doesn't allow relaying, so if they
are able to send spam out via your server, your config is broken (you
talk about a DoS and spam, so I'm not sure if the mail is getting out or
if they are just flooding you with attempts).
*Michael Heydon - IT Administrator *
michaelh@??? <
mailto:michaelh@jaswin.com.au>