Hi !!
Our problem here is that we usually suffer massive virus attacks, and
rejecting fast (as fast as possible) is the only way to survive those
attacks.
Suggest you start Exim (and any other serious daemons) 'niced' down, and
put sshd at a higher priority. That ensures you can access and control
the box even when it is running with its tongue hanging out.
That's not the problem; the problem is that normal mail should also work
well under those conditions. Rejecting fast and limiting resources
for non-authenticated users and non-whitelisted hosts is what helps.
Exim's resource usage can be controlled well without the need to nice it.
'Faster' yet if you turn any purely IP-based blocking over to the
firewall, and don't hesitate to (temporarily) ban entire /24's or such.
Blocking a /24 is not feasible, as it will also block whitelisted hosts.
ACK. But a roll-in / drop-later (by rule-number spans) ipfw, pf,
ipfilter.. whichever.. ruleset is *way* faster to deploy, and much
lighter on resources as well.
mmm.... I never tried to add 400000 IP addresses to ipfilter ...
BTW, I prefer to reject using Exim, as I can give a descriptive error
message with a link to request removal from the blacklist, as from
time to time it catches some 'legal' mailserver.
Exim's forward/reverse host/HELO lookups already cache results, yet are
highly dynamic, so need little help save perhaps a REGEXP blocklist for
the chronic offenders.
Those are the kind of rules we use to auto-blacklist.
Enforcing sync, and NOT advertising pipelining also helps, (we drop sync
requirement later for the 'good folks'), along with setting
'queue_only', limiting per-IP connections, a short delay when all is
less-than-satisfactory, etc.
We use all of it except delaying, which only makes Exim grow its number
of processes.
Mind you - the attackers aren't in 'learning' mode, but have usually
been pre-programmed to NOT sit on a connection for very long at all.
no, but they repeat many times a day during some days
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail [EMAIL PROTECTED]
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
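The options discussed in the thread above (enforcing SMTP sync, not advertising PIPELINING to unknown hosts, queue_only, per-IP connection limits, and rejecting blacklisted hosts with a descriptive message carrying a removal link) fit together in one Exim configuration. The fragment below is an added illustration, not the poster's configuration or anything from the exim-users archive; the list file paths, the `whitelist`/`blacklist` host list names, the ACL name, the numeric limits and the removal URL are all placeholders chosen for the example.

```exim
# Added example (not the poster's config). Paths, list names, limits and
# the URL are assumptions; adjust them for a real site.

# Host lists read from iplsearch files: one IP or CIDR per line, followed
# by a colon (e.g. "192.0.2.0/24:"). Whitelisted hosts get relaxed limits;
# blacklisted hosts are rejected at connect time with an explanatory text.
hostlist whitelist = net-iplsearch;/etc/exim/whitelist
hostlist blacklist = net-iplsearch;/etc/exim/blacklist

# Resource limits for the SMTP listener. Unknown hosts are kept cheap:
# few parallel connections per source IP and a bounded total.
smtp_accept_max          = 200
smtp_accept_max_per_host = 5
smtp_accept_max_nonmail  = 10

# Require clients to wait for our responses (catches pre-programmed
# senders that blast commands without reading replies). Advertise
# PIPELINING only to whitelisted hosts; everyone else stays synchronous.
smtp_enforce_sync          = true
pipelining_advertise_hosts = +whitelist

# Accept into the queue only; delivery is handled by queue runners, so a
# burst of incoming mail cannot fork a delivery process per message.
queue_only = true

acl_smtp_connect = acl_check_connect

begin acl

acl_check_connect:
  # Known-good hosts: skip the blacklist and drop the sync requirement.
  accept  hosts   = +whitelist
          control = no_enforce_sync

  # Blacklisted hosts get a 554 at connect with a removal link, so a
  # legitimate server caught by an automatic rule can ask to be removed.
  deny    hosts       = +blacklist
          message     = Host $sender_host_address is blocked for sending \
                        viruses. To request removal see \
                        https://removal.example.invalid/?ip=$sender_host_address
          log_message = blacklisted host rejected at connect

  # Throttle connection rate per source IP for everyone else. "strict"
  # keeps counting while the host is over the limit, so a sender that
  # reconnects hundreds of times a day stays throttled until it backs off.
  deny    ratelimit   = 30 / 1h / per_conn / strict
          message     = Too many connections from $sender_host_address; try later
          log_message = connect ratelimit exceeded

  # No "delay =" here: the thread notes that delaying unknown hosts just
  # keeps Exim processes alive longer under a flood.
  accept
```

The whitelist check comes first so that `control = no_enforce_sync` only ever applies to hosts you have vetted; the blacklist reply text is what the remote postmaster sees in their bounce, which is the reason the thread prefers rejecting in Exim over a silent firewall drop.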