Mika Ilmaranta:
> 
> Hi,
> 
> Let me explain the situation further. One customer's domain is hit with
> hundreds of thousands of spam messages to random non-existing recipient
> addresses from random sender addresses in bursts that last a few hours.
> 
> Recipient verify probes clog every filtering node's mail queues with tens of
> thousands of verify probes and that effectively stops legitimate mails getting
> through to all other clients too until the verify probes are dealt with.

Clogging can be prevented with a global limit on the number of
address verification probes.

> Obtaining and keeping valid recipient address lists up to date with a few
> thousand domains is not an option due to work load issues involved.

The Postfix address verification CACHE, in its default configuration,
will proactively refresh active addresses before they expire.
Therefore, your DDOS should not affect the verification of active
recipients, only those recipients that have expired or that are new.
This should be sufficient to handle a burst of bogus mail.

A global limit is what I can support in the short term. Your
per-recipient-domain limit is problematic because 1) it leaks
counters when the verify daemon is restarted, and 2) it solves only
the easy half of the problem (recipient domains).

        Wietse
