[exim] Re: smtp_accept_max & DDoS

Top Pagina
Delete this message
Reply to this message
Auteur: Cyborg
Datum:  
Aan: Andrew C Aitchison
CC: exim-users
Onderwerp: [exim] Re: smtp_accept_max & DDoS
Am 13.05.23 um 11:41 schrieb Andrew C Aitchison:
>
>> I suggest to choose your timeout for the kill wisely, as some servers
>> send a big chunk of data slow as hell, but a reasonable amount would
>> be 30s.
>> In addition, the netstat output could give out, if any data is in the
>> connection buffer as an indicator that the host as send real data as
>> an indication for a valid connection attempt.
>
> By logging or triggering this in an ACL and only when the problem occurs
> we avoid the case of slow but valid incoming connections.
>



I'm afraid, you can only test things in an acl, IF new connections are
coming in, which the DDOS open-connection-attack would deny.

This needs to be external, or it's useless when you need it :)

Best regards,
Marius

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/