Hey all,

I'm not certain, but I believe one of my Endian Firewall boxes has fallen
victim to an SMTP denial of service attack. This box normally gets like 5 or
6 messages/min incoming, but yesterday from about noon up until 5:30 PM, it
received peaks from 200 messages/min incoming to 481 messages/min (peak)
incoming. The firewall actually seemed very responsive as far as http
traffic in and out throughout this time, but e-mail has not been going
through it right since that time. For example I had a message sent to me
yesterday afternoon at 15:20:00, it got to the firewall at 15:23:30, but the
firewall didn't send it to my internal SMTP server until 23:56:05. This
incredible delay is still happening with any mail sent through the
firewall. I have added an incoming port forward rule for port 25 directly
to my internal SMTP server so that it would bypass the firewall so we could
start receiving e-mail on time. As soon as I added this rule, e-mail became
near instantaneous again.

So, I'm trying to figure out how to remedy the problem. My mail queue has a
little over 20,000 messages sitting in it right now, and "Flush Mailqueue"
doesn't change much. I read in the docs how this just tries redelivering
mail, but waits for a timeout period before removing them from mail queue.
I've perused through the queue, and the queue actually includes a ton of
addresses not even pertaining to any domains administered here. I'm
assuming it's all these 20,000 messages taking up 486 meg of disk space,
that's jamming up the SMTP proxy on the firewall, but I'm not sure what I
can do about it.

Does anybody have any suggestions? Will all those messages eventually
time-out, and if so how long? Do you believe this was some sort of Denial
of Service Attack?

Thanks so much for a great product... I can't believe how well the firewall
held up, I didn't even notice any speed difference for http traffic through
the box, or accessing the administration pages on the box throughout the
"attack".

Extra thanks to Peter and Mike who have helped me numerous times unbeknownst
to them through their correspondence on this list with other folks.
~Jon
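
One way to measure how much of a backed-up queue is addressed to domains not administered locally, as described in the post above. This is an added example, not part of the original message or of the Endian project; it assumes the queue can be listed in the text layout printed by Postfix's `postqueue -p` (the post does not name the MTA), and the sample listing and the local domain example.org are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of `postqueue -p` (assumed MTA: Postfix).
SAMPLE_QUEUE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A11C0A1     2140 Tue Nov 14 15:23:30  alice@example.net
                                         jon@example.org

7B9C22D0B2*   31022 Tue Nov 14 15:24:02  MAILER-DAEMON
(connect to mx.example.com[192.0.2.10]:25: Connection timed out)
                                         bob@example.com
                                         carol@example.com

9D4E33F0C3!    1875 Tue Nov 14 15:24:40  spam@example.net
                                         dave@example.info

-- 35 Kbytes in 3 Requests.
"""

# Entry head: queue id, optional marker (* active, ! hold), size, arrival time, sender.
HEAD = re.compile(r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d\s+(\S+)$")

def parse_queue(text):
    """Return one dict per queued message: id, state, size, sender, rcpts."""
    msgs, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"id": m[1], "state": {"*": "active", "!": "hold"}.get(m[2], "waiting"),
                   "size": int(m[3]), "sender": m[4], "rcpts": []}
            msgs.append(cur)
        elif cur and line[:1].isspace() and "@" in line:
            # Indented lines under an entry are its recipients; "(...)" lines are reasons.
            cur["rcpts"].append(line.strip().lower())
    return msgs

def triage(msgs, local_domains):
    """Count messages with a local recipient versus those addressed only elsewhere."""
    local = {d.lower() for d in local_domains}
    report = {"local": 0, "foreign": 0, "foreign_bytes": 0, "foreign_domains": Counter()}
    for msg in msgs:
        domains = {r.rsplit("@", 1)[1] for r in msg["rcpts"]}
        if domains & local:
            report["local"] += 1
        else:
            report["foreign"] += 1
            report["foreign_bytes"] += msg["size"]
            report["foreign_domains"].update(domains)
    return report
```

Calling `triage(parse_queue(listing), ["example.org"])` on a real listing gives the count and byte total of messages with no local recipient, plus the destination domains they are queued for.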
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user