[spamdyke-users] DDOS Help

2012-09-01 Thread J.R. Lillard
I have a client that uses spamdyke but I am new to it. I've read through the documentation so I am vaguely familiar with it now. They have been under a DDOS attack for about a month now. It's not enough to bring their servers down. Basically it's a bunch of SMTP traffic attempting to send

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Eric Shubert
On 09/01/2012 08:17 AM, J.R. Lillard wrote: I have a client that uses spamdyke but I am new to it. I've read through the documentation so I am vaguely familiar with it now. They have been under a DDOS attack for about a month now. It's not enough to bring their servers down. Basically it's

[spamdyke-users] Where to run the caching DNS resolver

2012-09-01 Thread BC
A novice question perhaps, but does it matter much where one runs the local caching resolver? I have a LAN with IP 10.x.x.x and simply use 10.0.0.1 as the local IP for the resolver. My understanding is that any local IP can be used so long as it can be reached by those functions needing

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Sam Clippinger
Unfortunately spamdyke can't do this right now. If you really need it to, you could always modify the filter_rdns_missing() function in filter.c -- just insert a call to exit() within the if() statement and recompile. Any time the filter is triggered, spamdyke will immediately exit without

Re: [spamdyke-users] Where to run the caching DNS resolver

2012-09-01 Thread Sam Clippinger
If 10.0.0.1 is the IP of the local host on the LAN, it shouldn't matter at all. The OS will realize the IP address is assigned to the local NIC and won't send any packets across the wire. The only reason it might be a problem would be if your firewall is configured to block incoming DNS

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread J.R. Lillard
Iptables was my first thought but half a million ips seemed like too much for it. How many rules have you had with your script? J.R. Lillard System / Network Admin Web Programmer Hyphen Communications On Sep 1, 2012 4:09 PM, Sam Clippinger s...@silence.org wrote: Unfortunately spamdyke can't

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Marcin Orlowski
J.R. Lillard wrote on 2012-09-02 00:30: Iptables was my first thought but half a million ips seemed like too much for it. How many rules have you had with your script? IPs are part of classes. If you i.e. got no legit users from certain class, nor your logs do not show any legit mails coming

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Carlos Herrera Polo
Fail2ban On Sep 1, 2012 5:41 PM, Marcin Orlowski car...@wfmh.org.pl wrote: J.R. Lillard wrote on 2012-09-02 00:30: Iptables was my first thought but half a million ips seemed like too much for it. How many rules have you had with your script? IPs are part of classes. If you i.e.

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Angus McIntyre
On Sep 1, 2012, at 11:17 AM, J.R. Lillard j...@hyphen.org wrote: I have a client that uses spamdyke but I am new to it. I've read through the documentation so I am vaguely familiar with it now. They have been under a DDOS attack for about a month now. It's not enough to bring their

Re: [spamdyke-users] Where to run the caching DNS resolver

2012-09-01 Thread Eric Shubert
Sam's right of course. :) I think the question might have been (as I read it) regarding a configuration where the resolver is on the local network (private lan), but not on the host which is running spamdyke (not accessible as 127.0.0.1). This is not as ideal as having the resolver running on

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Sam Clippinger
Half a million might be too much. :) I honestly don't know what iptables can do, it's only ever stopped a couple dozen IPs at a time for me. You'd definitely have to rewrite my script to store the IP files in multiple subdirectories, since most filesystems can't handle half a million files in

Re: [spamdyke-users] Where to run the caching DNS resolver

2012-09-01 Thread BC
I think I understand what you are saying. My local LAN is quite simple: only one *nix box and it sits between the internet source and the rest of the machines on my LAN. That one box contains two NICs - the public (WAN-side NIC) and the private (LAN-side NIC) and runs spamdyke (as well as

Re: [spamdyke-users] DDOS Help

2012-09-01 Thread turgut kalfaoğlu
I recently banned all of China from smtp_auth on my server.. No complaints from legitimate customers so far -- China ranges are available on the net. fail2ban is great, use that too.. Perhaps connections-per-source limiting from xinetd is also a good idea.. Good luck.. -t On 09/02/2012

Re: [spamdyke-users] Where to run the caching DNS resolver

2012-09-01 Thread Eric Shubert
On 09/01/2012 08:17 PM, BC wrote: I think I understand what you are saying. My local LAN is quite simple: only one *nix box and it sits between the internet source and the rest of the machines on my LAN. That one box contains two NICs - the public (WAN-side NIC) and the private (LAN-side