A client has been receiving an attack on this mail gateway's port 25 for 3
weeks. We increased the postfix SMTPD processes from 50 to 150, and the
hourly msg rejects jumped from 5000 to 15000, roughly. The source addresses
used by the attacker(s) are mostly in the various RBL bases, 100's of them.
The problem is that the attack is consuming so many SMTPD processes that valid
incoming mail is taking several hours to arrive, as the sender MTA can't
get an answer when it connects to port 25. The definition of DoS.
Is there any way to trace the real source of the spoofed packets?
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways