Hi Tor,

> I'm more or less 100% convinced that my James installation is
> configured properly, but the last few days, a "spam wave" managed to
> fill up my spool table again with SMTP connects from a UK IP address.
> Is there anything I can do to more easily find the reason why James
> thinks it's ok to spool these mails without authentication from the
> client? I've looked into the source code, but did of course not find
> anything obviously wrong. The only thing I can see is that SMTP
> authentications are logged, which makes me sure that the spammer has
> not managed to hack a username/password combination, but is indeed
> sending these mails without logging in.

From the partial smtpserver log you showed I wonder if the spammer is
simply trying to send a message containing lots of RCPT commands. If
that's the case then turning on tarpitting [1] may help to regulate how
quickly the spammer can stuff your machine.

I have the following in my config.xml file: -

<smtpserver enabled="true">
  ...
  <handler>
    ...
    <handlerchain>
      ...
      <handler command="RCPT"
               class="org.apache.james.smtpserver.RcptCmdHandler">
        <maxRcpt> 100 </maxRcpt>
        <tarpitRcptCount> 20 </tarpitRcptCount>
        <tarpitSleepTime> 5000 </tarpitSleepTime>
      </handler>
      ...
    </handlerchain>
  </handler>
</smtpserver>

Regards,
David Legg
[1] http://www.palomine.net/qmail/tarpit.html
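
The following is an added example, not part of the original message and not James code: a small Python model of what the three RCPT settings quoted above do to a single SMTP transaction. The names `RcptPolicy`, `handle_rcpt`, `simulate_message` and `max_rcpts_per_hour` are hypothetical, and the semantics (452 refusal once `maxRcpt` is exceeded, a `tarpitSleepTime` pause on every RCPT after the `tarpitRcptCount`-th, 0 disabling a limit) are assumptions based on the tarpit description in [1].

```python
from dataclasses import dataclass


@dataclass
class RcptPolicy:
    # Values taken from the config.xml fragment in the message above.
    max_rcpt: int = 100
    tarpit_rcpt_count: int = 20
    tarpit_sleep_ms: int = 5000


def handle_rcpt(policy, accepted_so_far):
    """Model one RCPT command and return (smtp_reply_code, delay_ms).

    Assumed semantics: the command being processed is number
    accepted_so_far + 1; it is refused with 452 once max_rcpt is exceeded
    and delayed once tarpit_rcpt_count is exceeded. 0 disables a limit.
    """
    n = accepted_so_far + 1
    if policy.max_rcpt > 0 and n > policy.max_rcpt:
        return 452, 0
    delay = 0
    if policy.tarpit_rcpt_count > 0 and n > policy.tarpit_rcpt_count:
        delay = policy.tarpit_sleep_ms
    return 250, delay


def simulate_message(policy, rcpt_commands):
    """Send rcpt_commands RCPTs in one transaction.

    Returns (accepted, rejected, total_delay_ms).
    """
    accepted = rejected = total_delay = 0
    for _ in range(rcpt_commands):
        code, delay = handle_rcpt(policy, accepted)
        total_delay += delay
        if code == 250:
            accepted += 1
        else:
            rejected += 1
    return accepted, rejected, total_delay


def max_rcpts_per_hour(policy, rcpt_commands):
    """Upper bound on accepted recipients per hour on one connection,
    counting only the tarpit delay. None means the tarpit never triggered."""
    accepted, _, delay_ms = simulate_message(policy, rcpt_commands)
    if delay_ms == 0:
        return None
    return accepted * 3_600_000 // delay_ms
```

Under these assumptions a transaction with 20 or fewer recipients is never delayed, so the settings throttle only messages that carry many RCPT commands.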