Joseph Brennan wrote:
To some extent I've reduced the problem with--
define(`confBAD_RCPT_THROTTLE', `2')
--in sendmail.mc, cutting down on how many addresses they can check.
The concept was that zombies don't queue and re-try. However our logs
recently have evidence that now they do re-try.
Um.... that doesn't cut them off after two hits, it just causes the
server to pause before acknowledging each subsequent recipient the
client asks for in that session.
It ties up the attacker's resources a bit longer, and it cuts down on
the amount of your bandwidth that they suck.
There is also confMAX_RCPTS_PER_MESSAGE, which limits the total number
of recipients any message can target. But that includes valid recipients.
--
Kelson Vibber
SpeedGate Communications, <www.speed.net>
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
