Hi all, One of my email domains has recently been the (repeat) victim of a fairly large-scale joe job. I am seeing thousands of back-scatter bounces for addresses like [EMAIL PROTECTED], [EMAIL PROTECTED], etc. However, when this attacker sends out one of their batches, it is enough to run my lightly loaded 1GB server out of swap within 3-4 minutes. (At which point I need remote hands to do a hard boot, because ssh, login, etc. have been killed by the kernel).
So, there are three problems: 1. Root problem -- the joe job -- Not much to be done about this. 2. Exim accepting bounces for nonexistent addresses--at the very least would like to drop or auto-respond to anything for [EMAIL PROTECTED] 3. Exim memory performance -- I have set the following in exim.conf to attempt to throttle the queue processing: queue_run_max = 5 remote_max_parallel = 1 queue_smtp_domains = 1 Unfortunately, these do not seem to have had an effect. As a stop-gap, I made a cron job that runs once a minute and stops exim if the load average goes above 15, and then restarts it after the load drops. It's not pretty, but it keeps the server alive. What is the best way to handle this? General or specific answers gratefully accepted! Ryan -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
