Re: [exim] DDOS on SMTP port by large number of new connecti…

Author: Wolfgang Breyha
Date:  
To: exim-users
Subject: Re: [exim] DDOS on SMTP port by large number of new connections from random IPs
Anoop John wrote on 18/10/14 10:48:
> I have run into a problem on my server with a DDOS attack on port 25. The
> server is getting a large number of connection requests on port 25 from
> random IPs continuously preventing any access to the SMTP port by valid
> users. Also the server reaches the limit of 100 simultaneous SMTP
> connections within seconds of restarting the server. The server is
> configured to require authentication before sending mails via SMTP so there
> is no spamming / relay attempt via the server.


I bet that most of them have no PTR RR. In this case you can add the following
ACL to your connect-ACL:

  defer  condition   = ${if and {{def:sender_host_address}\
                                 {!def:sender_host_name}}\
                                 {yes}{no}}
         condition   = ${if >{$smtp_count_at_connection_start}{50} {yes}{no}}
         message     = 421 too busy for PTRless hosts
         log_message = NOPTR drop ($smtp_count_at_connection_start > 50)


This will keep at least 50 connection slots open for hosts with proper DNS
setup. If your host has IPv6 connectivity it's advisable to limit the ACL to IPv4.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> | http://www.blafasel.at/
Vienna University Computer Center | Austria
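
An added example, not part of the original message: a short Python tally of the `NOPTR drop` entries that the ACL's `log_message` writes, showing how many deferrals each address received, how they split between IPv4 and IPv6, and the highest connection count seen. The sample log lines are constructed, and the surrounding line layout (timestamp, `H=[address]`, "temporarily rejected connection") is an assumption about the Exim main log, so adjust `LINE_RE` to match your own log.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines using documentation address ranges. The layout around
# the "NOPTR drop" text is an assumption; only that text comes from the ACL above.
SAMPLE_LOG = """\
2014-10-18 11:02:01 H=[198.51.100.7] temporarily rejected connection in "connect" ACL: NOPTR drop (73 > 50)
2014-10-18 11:02:01 H=[203.0.113.40] temporarily rejected connection in "connect" ACL: NOPTR drop (74 > 50)
2014-10-18 11:02:02 H=[198.51.100.7] temporarily rejected connection in "connect" ACL: NOPTR drop (74 > 50)
2014-10-18 11:02:05 H=mail.example.org [192.0.2.10] F=<a@example.org> rejected RCPT <b@example.net>: relay not permitted
2014-10-18 11:03:10 H=[2001:db8::25] temporarily rejected connection in "connect" ACL: NOPTR drop (51 > 50)
2014-10-18 11:03:11 H=[198.51.100.7] temporarily rejected connection in "connect" ACL: NOPTR drop (52 > 50)
"""

# Captures the minute, the bracketed peer address and the logged connection count.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d):\d\d .*?H=\[(?P<ip>[0-9A-Fa-f:.]+)\]"
    r".*NOPTR drop \((?P<count>\d+) > \d+\)"
)

def summarize_noptr_drops(lines):
    """Count NOPTR deferrals per address, per minute and per address family."""
    per_ip, per_minute, per_family = Counter(), Counter(), Counter()
    peak = 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # some other log entry
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracketed text that is not a valid address
        per_ip[str(addr)] += 1
        per_minute[m["ts"]] += 1
        per_family[f"IPv{addr.version}"] += 1
        peak = max(peak, int(m["count"]))
    return {"per_ip": per_ip, "per_minute": per_minute,
            "per_family": per_family, "peak_connections": peak}

if __name__ == "__main__":
    report = summarize_noptr_drops(SAMPLE_LOG.splitlines())
    print("peak connections:", report["peak_connections"])
    print("by family:", dict(report["per_family"]))
    for ip, n in report["per_ip"].most_common(10):
        print(f"{n:6d}  {ip}")
```

A non-zero IPv6 count in the output is the case the message's last remark is about: those are hosts the ACL would defer unless it is limited to IPv4.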