From: Len Conrad (no email)
Date: Mon Sep 01 2003 - 12:41:12 EDT
>My friendly mailserver and domains are in trouble :-(
>I'm getting a huge amount of connections to port 25 right now. The problem
>seems to be that a spammer faking that he sends spam from my domain. The
>result is that Mailservers all over the world bounces messages to my server.
>
>How can I handle this situation?
distributed DoS are tough.
>I did a grep on the logfile (180 MB in the last 10 hours) and I got
>connections from more than 100.000 IP addresses. Please give me some advice.
about all you can do is try to outrun it.
set smtpd_hard_error_limit to 2 (postfix initiates hang up a 2nd 5xx in a
session)
increase your RAM to hold more processes
increase your file descriptors/handles
increase your postfix smtpd and OS process limit.
your MX must know about your users so it can reject after RCPT TO the unkn
users. use check_recipient_maps
outrunning means sacrificing 400 or 500 processes to handling the bounces
(pray that all the users at yourdomains are bogus), and hoping to have a
handful that are free to handle legit connections.
This may not work
Len
_____________________________________________________________________
http://MenAndMice.com/DNS-training: London; San Jose; Wash DC
IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free
|
|
|