Re: [exim] Preventing exim DoS attacks

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jon Gerdes
Date:  
À: exim-users@exim.org
Sujet: Re: [exim] Preventing exim DoS attacks
On Tue, 2015-06-09 at 15:45 +0530, soumya tr wrote:
> Hi,
>
> Any one have tips on preventing DoS attacks on port 25?
>
> --
> Regards,
> Soumya


You don't give much detail on what you are trying to achieve but at a
first stab have a look at the docs on these and other related settings:

smtp_accept_max
smtp_accept_max_nonmail
smtp_accept_max_nonmail_hosts
smtp_accept_max_per_connection
smtp_accept_max_per_host
smtp_accept_reserve
smtp_reserve_hosts
smtp_load_reserve
smtp_max_synprot_errors
smtp_max_unknown_commands
smtp_connect_backlog
smtp_enforce_sync

With careful tuning and careful thought about what they do you can rate
limit the vast majority of the outside world but still allow those
systems that simply must get through regardless.

You can also look into using your external firewall to to some limiting
as well.

Cheers
Jon


Blueloop Ltd

Jon Gerdes | Senior Consultant

Blueloop House
Ilchester Road
Yeovil
Somerset BA21 3AA

Tel: 2100
Web: www.blueloop.net



Registered Address : Blueloop House, Ilchester Road, YEOVIL, BA21 3AA Registered England & Wales - 3981322

CONFIDENTIAL INFORMATION
This e-mail and any files attached with it are confidential and for the sole use of the intended recipient(s). If you are not the intended recipient(s) you are prohibited from using, copying or distributing this or any information contained in it and should immediately notify the sender and delete the message from your system.

Internet communications are not secure and Blueloop Limited is not responsible for unauthorised use by third parties nor for alteration or corruption in transmission. Furthermore, while Blueloop Limited have taken reasonable precautions to minimise the risk of software viruses, it cannot accept liability for any damage which you may suffer as a result of such viruses, and we therefore recommend you carry out your own virus checks on receipt of any e-mail.