On 09/01/2012 08:17 AM, J.R. Lillard wrote:
> I have a client that uses spamdyke but I am new to it. I've read
> through the documentation so I am vaguely familiar with it now. They
> have been under a DDOS attack for about a month now. It's not enough to
> bring their servers down. Basically it's a bunch of SMTP traffic
> attempting to send spam. Spamdyke has been doing a great job of
> blocking the connections usually with the DENIED_RDNS_MISSING error.
> The problem is this attack has been eating up a lot of their
> bandwidth. As a temporary measure their ISP has asked them to just drop
> the invalid connections instead of issuing the appropriate SMTP response
> codes. Is this something spamdyke can be configured to do? I did not
> see anything obvious in the documentation.
>
> --
> J.R. Lillard
> System / Network Admin
> Web Programmer
> Hyphen Communications

Hey JR,

I don't know the answer to this question. Sam will no doubt chime in on spamdyke's capability regarding dropping connections. My opinion is that this would not be an appropriate thing to do.

Given what you've described, I would consider whether the host is running a caching nameserver or not. What are the contents of /etc/resolv.conf? spamdyke is rather heavy on DNS, and network traffic can be reduced a bit by running a resolver on localhost (127.0.0.1). Personally, I use the pdns-recursor package on CentOS. I expect that there's probably a powerdns recursor available for your platform as well.

You'll also want to check that you're not using too many dns-blacklist-entry= parameters. In this area, more isn't necessarily better. Personally, I use only zen.spamhaus.org and bl.spamcop.net.

While DNS traffic isn't large from a bandwidth standpoint, I expect that it's larger than SMTP response codes. If the DDOS attacks are coming from a single group of IP addresses, having a caching nameserver on localhost will provide a substantial reduction in network/DNS traffic.

HTH.

--
-Eric 'shubes'
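
The two checks suggested in the reply above (is the resolver on localhost, and how many dns-blacklist-entry= lines are configured), as an added example that is not part of the original thread. File paths are passed as arguments, the sample files are constructed, and the config syntax assumed is one option=value per line with # comments.

```shell
#!/bin/sh
# Added example: audit the DNS setup behind a spamdyke host.
# Function names are hypothetical; nothing here ships with spamdyke.

# Classify the nameservers in a resolv.conf-style file ($1):
#   local  - every nameserver is a loopback address (caching resolver)
#   mixed  - some loopback, some remote
#   remote - every lookup leaves the host
#   none   - no nameserver lines at all
resolver_locality() {
    awk '
        $1 == "nameserver" {
            total++
            if ($2 ~ /^127\./ || $2 == "::1") loopback++
        }
        END {
            if (total == 0) print "none"
            else if (loopback == total) print "local"
            else if (loopback > 0) print "mixed"
            else print "remote"
        }' "$1"
}

# Print the DNSBL zones set with dns-blacklist-entry= in a spamdyke
# config file ($1), one per line. Commented-out lines are skipped.
dnsbl_zones() {
    sed -n 's/^[[:space:]]*dns-blacklist-entry[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1"
}

# Count those zones; each one costs a DNS query per incoming connection.
dnsbl_count() {
    dnsbl_zones "$1" | awk 'NF { n++ } END { print n + 0 }'
}

# Demo on constructed sample files (not taken from any real host).
demo_dir=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$demo_dir/resolv.conf"
printf 'dns-blacklist-entry=zen.spamhaus.org\n#dns-blacklist-entry=old.example\ndns-blacklist-entry=bl.spamcop.net\n' > "$demo_dir/spamdyke.conf"
echo "resolver: $(resolver_locality "$demo_dir/resolv.conf")"
echo "dnsbl zones: $(dnsbl_count "$demo_dir/spamdyke.conf")"
rm -rf "$demo_dir"
```

On a real host, point the functions at /etc/resolv.conf and at wherever the spamdyke configuration file lives on that system.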