We just got the living daylights pounded out of us by a spam host running at 69.6.66.103.
Happens on occasion.
While I know it can be easy to simply block the host, I was wondering if there was some way to avoid the problem all together by potentially identifying hosts attempting to overload the server (Denial Of Service) by throttling down the amount of allowed inbound connections (from external sources) from a single host.
Yes. Sendmail >=8.13.0 has several nice options.
FEATURE(`ratecontrol',`nodelay',`terminate')dnl FEATURE(`conncontrol')dnl define(`confCONNECTION_RATE_WINDOW_SIZE',`60')dnl
I am the SysAdmin for an ISP here in Billings. I am unafraid of using these controls and they have really helped our situation. I limit 25 Connections/sec period. I also limit 3 connections from any one external host/min.
Read all about these and understand exactly what they mean in the Sendmail Doc's. You have all kinds of options in the access file. Of course, you open these through the access file for your authorized nets that you are an MX for. We also use a 10 sec. delay in response that drops anything attempting to jam mail down your throat before receiving a welcome banner from our mail servers.
I occasionally get the "25" connections and deferring at that rate in my logs, but not enough to worry me and we handle ~200,000 emails a day. Adjust your connection/defer times accordingly to your normal load.
Have fun and knock them dead at the gate.
Admittedly, this is a bit off topic.. Mimedefang.pl was the process that was getting hammered (and subsequently drove the CPU load to >16 before we shut down email all together), but I do not think that the fault lies with mimedefang (in fact, I don't think there is any 'fault' here).. it's more a configuration issue at the MTA level (in this case, sendmail).
-Rich _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
John Jaeger - Billings, Montana
EMail To : <mailto:[EMAIL PROTECTED]> Home Page : <http://www.jjgb.com>
PGP: RSA Key ID: 0xAAEC7751 <http://www.jjgb.com/public_files/RSA_Key.zip>
"Our liberty is protected by four boxes...
The ballot box, the jury box, the soap box, and the cartridge box."
- Anonymous_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
