Thanks Marius, Scott Neader, Wolfgang Breyha, Xander Harkness for looking into this and sending your recommendations and suggestions. We implemented both suggestions.
We set smtp_accept_max_per_host to 4. We also set up a PTR record check on incoming connections. For those that do not have reverse DNS set up, the connection to port 25 is being established first before the reverse DNS check is used and the connection closed, so there are still connections getting established from IPs without reverse DNS set up.

We have increased the maximum number of simultaneous connections to 200, and with the PTR check in place this has now opened up more connections for valid mail servers and we are now able to get incoming mails to the server.

The attack is still going on though. In 5 hours so far today there have been more than 620,000 connection requests from 7200+ different IPs.

The server does not seem to have the required kernel modules to enable tarpitting, and the server support has communicated that protecting against DDOS is not within their capability levels and that I should explore commercial DDOS protection mechanisms. I explored a bit but found most to be very expensive compared to the hosting plan.

Not sure how to take things forward from here. Thanks once again for your suggestions.

Thanks
Anoop

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
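One way to measure the figures quoted in the message above (connection attempts, distinct IPs, the share arriving without reverse DNS, and how often the per-host and global limits fire) from the Exim main log. This is an added example, not part of the original post; it assumes `log_selector` includes `+smtp_connection` and that `host_lookup` is enabled so resolved names appear in the log, and the log lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of Exim main-log lines (documentation address ranges).
# Assumes log_selector = +smtp_connection and host_lookup = * are in effect.
SAMPLE_LOG = """\
2024-05-01 10:00:01 SMTP connection from [203.0.113.5]:40122 (TCP/IP connection count = 1)
2024-05-01 10:00:01 SMTP connection from mx1.example.org [198.51.100.7]:55010 (TCP/IP connection count = 2)
2024-05-01 10:00:02 SMTP connection from [203.0.113.5]:40123 (TCP/IP connection count = 3)
2024-05-01 10:00:02 Connection from [203.0.113.5]:40124 refused: too many connections from that IP address
2024-05-01 10:00:03 SMTP connection from [203.0.113.9]:31000 (TCP/IP connection count = 3)
2024-05-01 10:00:04 Connection from [192.0.2.44]:2201 refused: too many connections
"""

# New inbound connection; the host name is present only when a PTR lookup succeeded.
CONNECT = re.compile(
    r"SMTP connection from (?:(\S+) )?\[([0-9A-Fa-f:.]+)\]\S* .*\(TCP/IP connection count"
)
# Refusal by smtp_accept_max_per_host (suffix present) or smtp_accept_max (no suffix).
REFUSED = re.compile(
    r"Connection from \[([0-9A-Fa-f:.]+)\]\S* refused: "
    r"too many connections( from that IP address)?"
)

def summarize(log_text, top_n=3):
    """Tally connection attempts per source IP and how the limits handled them."""
    attempts = Counter()
    stats = {"connected": 0, "no_ptr": 0, "refused_per_host": 0, "refused_global": 0}
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if m:
            host, ip = m.groups()
            attempts[ip] += 1
            stats["connected"] += 1
            if host is None:  # no reverse DNS name was logged for this peer
                stats["no_ptr"] += 1
            continue
        m = REFUSED.search(line)
        if m:
            ip, per_host = m.groups()
            attempts[ip] += 1
            stats["refused_per_host" if per_host else "refused_global"] += 1
    stats["distinct_ips"] = len(attempts)
    stats["top_talkers"] = attempts.most_common(top_n)
    return stats

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A high `refused_global` count alongside a low `refused_per_host` count indicates the load is spread over many sources, each staying under the per-host limit.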
