Re: [plug] DoS by SirCamm

Tue, 14 Aug 2001 03:36:01 -0700 

It wouldn't cause a DoS on your system if postfix is rejecting SirCam
infected mail. Try to rotate your logs daily, and don't keep a copy of the
previous log. The only problem with postfix body_checks, is that all mail
with a line 'Hi! How are you?' would be rejected.

-- 
Mike

On Tue, 14 Aug 2001, neuroticimbecile wrote:

> On Tue, 14 Aug 2001, you wrote:
> > Hi, guys
> >
> >     I'd like to ask for your opinions on how to handle SirCamm DoS
> > attacks. We've setup postfix to reject SirCamm-infected mail, but
> > unfortunately, our logs quickly filled up (which caused us a LOT of
> > annoyance) -- with roughly 380MB of SirCamm attempts.
> >
> >     I asked some people around (some from the postfix mailing list)
> > whether it was possible to simply reject mail outright but was told that
> > postfix has first to get it, then check, then accept/reject it.
> >
> >     I called up some ISPs about their users sending us these kind of
> > mail and requested that they filter it on their end, and some willingly
> > obliged, while others had to be reminded. SirCamm's "infection" isn't
> > what's bugging us, but its the potential DoS that it can do.
> >
> >     Right now, we've set it up to not log SirCamm attacks, but that
> > doesn't exactly solve the problem. :)
> >
> >     Any tips would be appreciated. :)
>
> ... tips,
>
> if you're getting that much reject logs... as an added precaution, you can
> configure logrotate to rotate based on size and not on a monthly/weekly basis.
> and set appropriately how many old logs to keep.  this way, your /var/log
> partition should (theoretically) never run out of space because of the reject
> logs.
>
> hth,
> -eric
> --
>  .--.  Enrique D. Rosel II                     office://+63.2.894.3592/
> ( () ) Q Linux Solutions, Inc.
>  `--\\ A Philippine Open Source Solutions Co.  http://www.q-linux.com/
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
>[EMAIL PROTECTED]
>

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]

Reply via email to