On Wed, Mar 10, 1999 at 06:27:14PM -0000, Russell Nelson wrote:
> Rick McMillin writes:
> > Does anyone know of any good reasons as to why QMail is better
> > suited to handle this attack?
>
This whole thread has me wondering. I had a site start hitting on my smtp
port a week or so ago. It just kept hitting the port, but didn't appear to
be actually trying to negotiate any protocol transfers. There was no mail from
or rcpt to, yet they just kept hitting the port, twice per second.
If I killed qmail-smtp and restarted, they would immediately jump over to
the backup MX and start the same process.
The problems I had with it seemed only two, filling up my syslog and hogging
the smtp port, slowing down legitimate smtp activity.
I ended up blocking them at the router.
I wonder if this was in any way related to this rcpt to attack?
--
Brad Shelton [EMAIL PROTECTED]
On Line Exchange http://ole.net
Detroit News http://detnews.com
