Hi, guys
I'd like to ask for your opinions on how to handle SirCamm DoS
attacks. We've setup postfix to reject SirCamm-infected mail, but
unfortunately, our logs quickly filled up (which caused us a LOT of
annoyance) -- with roughly 380MB of SirCamm attempts.
I asked some people around (some from the postfix mailing list)
whether it was possible to simply reject mail outright but was told that
postfix has first to get it, then check, then accept/reject it.
I called up some ISPs about their users sending us these kind of
mail and requested that they filter it on their end, and some willingly
obliged, while others had to be reminded. SirCamm's "infection" isn't
what's bugging us, but its the potential DoS that it can do.
Right now, we've set it up to not log SirCamm attacks, but that
doesn't exactly solve the problem. :)
Any tips would be appreciated. :)
--------------------------------------
Gino LV. Ledesma
Ateneo Cervini-Eliazo Networks (ACENT)
email : [EMAIL PROTECTED]
web : http://cersa.admu.edu.ph/
phone : (63)(2) 426-6001 ext. 5925/5904
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
