On Tuesday, 23 October 2007 00:36:52, Sam Varshavchik wrote:
> Zenon Panoussis writes:
>
> > For weeks on end now I am being subjected to what I could call a reverse
> > spam DDoS attack for lack of better term. Some asshole is sending out
> > zillions of messages to non-existent users at legitimate domains, using
> > clearly non-existent sender addresses @myhosteddomain. It seems he is
> > specifically targeting backup MXs and spam filtering services because
> > the messages are first accepted for transport, then bounced. The bounces
> > create a storm of connections to my MX, which in turn causes courier
> > (0.55.1) to choke and stop receiving mail at all.
>
> Some DNS or ident query is probably stalling, and it takes a while for the
> DNS query to time out. It's not refusing to receive mail any more, it's
> just taking a long time for various DNS queries to time out.
>
> Begin by adding "-noidentlookup -nodnslookup" to TCPDOPTS in the esmtpd
> config file. Then, publish an SPF record for your domain. Finally, invest
> some time in meticulously compiling a list of most frequent backscatter
> source IPs, and blacklisting them.

I had the problem described by Sam. Just run telnet on your smtp port and look how long it takes until a connection comes up.

BTW: better courier stops receiving mail at all than courier stops your server at all ;-) And I think you won't lose any mail. The MTAs which wanted to send you some data will come back.

regards
Daniel
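
Added example, not part of the original thread: one way to compile the list of most frequent backscatter source IPs mentioned above, by counting rejected null-sender (bounce) deliveries per relay in the mail log. The log line layout, the sample lines and the names `LINE_RE`, `SAMPLE_LOG` and `backscatter_sources` are assumptions made for illustration; adjust the pattern to what your courieresmtpd actually logs.

```python
import re
from collections import Counter

# Assumed layout of a courieresmtpd rejection line (an assumption, not taken
# from the thread); adjust the pattern to match your own syslog output.
LINE_RE = re.compile(
    r"courieresmtpd: error,relay=(?:::ffff:)?(?P<ip>[0-9a-fA-F.:]+),"
    r"from=<(?P<sender>[^>]*)>,to=<(?P<rcpt>[^>]*)>: (?P<code>\d{3})"
)

# Constructed sample log lines (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Oct 22 23:10:01 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<>,to=<qx1@example.org>: 550 User unknown.
Oct 22 23:10:02 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<>,to=<qx2@example.org>: 550 User unknown.
Oct 22 23:10:03 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<>,to=<qx3@example.org>: 550 User unknown.
Oct 22 23:10:04 mx courieresmtpd: error,relay=::ffff:192.0.2.10,from=<>,to=<qx4@example.org>: 550 User unknown.
Oct 22 23:10:05 mx courieresmtpd: error,relay=::ffff:203.0.113.5,from=<bob@example.net>,to=<qx5@example.org>: 550 User unknown.
Oct 22 23:10:06 mx courieresmtpd: error,relay=::ffff:198.51.100.7,from=<>,to=<qx6@example.org>: 550 User unknown.
Oct 22 23:10:07 mx courieresmtpd: error,relay=::ffff:203.0.113.9,from=<>,to=<qx7@example.org>: 550 User unknown.
Oct 22 23:10:08 mx courieresmtpd: started,ip=[::ffff:192.0.2.10]
"""


def backscatter_sources(lines, min_hits=2):
    """Return (ip, count) pairs for relays sending rejected bounces, busiest first."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # A bounce carries the null envelope sender <>; a 5xx reply means the
        # address it was aimed at does not exist on this server.
        if m.group("sender") == "" and m.group("code").startswith("5"):
            hits[m.group("ip")] += 1
    return [(ip, n) for ip, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for ip, n in backscatter_sources(SAMPLE_LOG.splitlines()):
        print(f"{n:6d}  {ip}")
```

Feed it the real log with `backscatter_sources(open(path))` and review the result before blocking anything: the hosts that emit backscatter are usually legitimate MTAs that other mail also arrives from.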
