On Tue, 14 Aug 2001, you wrote:
> Hi, guys
>
> I'd like to ask for your opinions on how to handle SirCam DoS
> attacks. We've set up postfix to reject SirCam-infected mail, but
> unfortunately, our logs quickly filled up (which caused us a LOT of
> annoyance) -- with roughly 380MB of SirCam attempts.
>
> I asked some people around (some from the postfix mailing list)
> whether it was possible to simply reject mail outright but was told that
> postfix has first to get it, then check, then accept/reject it.
>
> I called up some ISPs about their users sending us this kind of
> mail and requested that they filter it on their end, and some willingly
> obliged, while others had to be reminded. SirCam's "infection" isn't
> what's bugging us, but it's the potential DoS that it can do.
>
> Right now, we've set it up to not log SirCam attacks, but that
> doesn't exactly solve the problem. :)
>
> Any tips would be appreciated. :)
... tips,
If you're getting that many reject logs... as an added precaution, you can
configure logrotate to rotate based on size and not on a monthly/weekly basis,
and set appropriately how many old logs to keep. This way, your /var/log
partition should (theoretically) never run out of space because of the reject
logs.
hth,
-eric
--
.--. Enrique D. Rosel II office://+63.2.894.3592/
( () ) Q Linux Solutions, Inc.
`--\\ A Philippine Open Source Solutions Co. http://www.q-linux.com/
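
The size-based rotation suggested in the reply above, as an added example that is not part of the original thread. The log path `/var/log/maillog`, the syslogd pid file path, and the 50 MB / 5-copy values are assumptions to adjust for the actual system.

```conf
# /etc/logrotate.d/maillog  (added example; path and values are assumptions)
#
# Time-based stanza, shown for comparison only. A flood of reject entries
# can fill /var/log long before the week is over:
#
#   /var/log/maillog {
#       weekly
#       rotate 4
#   }
#
# Size-based stanza: rotate once the file exceeds 50 MB and keep 5 old
# copies, so the retained history is bounded by size rather than by time.
/var/log/maillog {
    size 50M
    rotate 5
    compress
    delaycompress
    missingok
    notifempty
    postrotate
        # Make syslogd reopen its log file (pid file path is an assumption)
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
```

logrotate only checks the size when it runs, so with the usual daily cron job the live file can still grow well past 50 MB between runs; calling logrotate from an hourly cron entry tightens that bound.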
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph