Raimo Niskanen <[EMAIL PROTECTED]> writes: > What does "lsof -ni:spamd | wc -l" say during the peaks? > On my machine spamd ran out of sockets (about 670).
Depending on the exact properties of the traffic you may get some mileage out of using state tracking options to limit the number of simultaneous connections from a single host, rate of new connections etc and creative use of overload tables. Much like the mainly ssh focused example at [1], only the technique is a general one and could just as easily be applied to SMTP connections. [1] http://home.nuug.no/~peter/pf/en/bruteforce.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.