Also, if you're running Postfix as your MTA, you could set:

    smtpd_error_sleep_time = 60
    smtpd_soft_error_limit = 3
    smtpd_hard_error_limit = 6

or similar in main.cf (adjust these numbers to suit your box's needs/mail volume). This creates a pseudo tarpit effect. I got attacked a while back for about 3 days, then they gave up. Whois showed the IP range was from a university (go figure).

--
Regards,
Jon

Mike Hatz said:
> Hi,
>
> This might not be the right place to ask for this help, but since I am under a spam-based attack, I figured the collective group might be able to help out or have defended against such nonsense.
>
> My mail server is a Linux machine running RH9. It has been getting wailed on by rumplestiltskin attacks for weeks now. I have modded my sendmail.cf pretty heavily to help fight against it with various RBLs and BAD RCPT throttles.
>
> However, my friends who are acting as my secondary mail spoolers are getting flattened by the volume of the attack, since I suspect that it might actually be attempting to attack and relay through the secondary MX records besides hitting the primary MX record.
>
> I have spent hours googling around to look for solutions, even a solution that would use iptables and simply drop the inbound SMTP connections for, say, 24 hours if it triggers a throttle or a 550 response in sendmail.
>
> How can I determine the root of all of this?
>
> How can I keep the secondaries from getting pummeled?
>
> Thanks for any help. I'll post a summary of all the things I have done so far, as well as your answers.
>
> Mike
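
The idea raised in the quoted message, dropping inbound SMTP for 24 hours from hosts that keep triggering 550 responses, can be sketched as a log scan. This is an added example, not part of either poster's message; it assumes sendmail logs rejections as `ruleset=..., relay=[ip], reject=550 ...` lines, and the threshold, window, sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = """\
Mar  3 04:12:01 mx1 sendmail[2101]: ruleset=check_rcpt, arg1=<aaron@example.org>, relay=[192.0.2.10], reject=550 5.1.1 <aaron@example.org>... User unknown
Mar  3 04:12:05 mx1 sendmail[2101]: ruleset=check_rcpt, arg1=<abby@example.org>, relay=[192.0.2.10], reject=550 5.1.1 <abby@example.org>... User unknown
Mar  3 04:12:09 mx1 sendmail[2107]: ruleset=check_rcpt, arg1=<joe@example.org>, relay=host.example [198.51.100.7], reject=550 5.1.1 <joe@example.org>... User unknown
Mar  3 04:12:30 mx1 sendmail[2101]: ruleset=check_rcpt, arg1=<adam@example.org>, relay=[192.0.2.10], reject=550 5.1.1 <adam@example.org>... User unknown
Mar  3 04:40:00 mx1 sendmail[2190]: ruleset=check_rcpt, arg1=<jo@example.org>, relay=host.example [198.51.100.7], reject=550 5.1.1 <jo@example.org>... User unknown
Mar  3 04:41:00 mx1 sendmail[2190]: ruleset=check_rcpt, arg1=<jon@example.org>, relay=host.example [198.51.100.7], reject=550 5.1.1 <jon@example.org>... User unknown
Mar  3 04:41:30 mx1 sendmail[2195]: ruleset=check_mail, arg1=<a@example.net>, relay=[203.0.113.5], reject=451 4.1.8 Domain of sender address does not resolve
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*relay=[^,]*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r".*reject=(?P<code>\d{3})")

def find_offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2004):
    """Return {ip: time of the 550 that reached `threshold` rejects inside `window`}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent 550 rejects
    offenders = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["code"] != "550" or m["ip"] in offenders:
            continue              # temporary (4xx) rejects are not counted
        # Syslog timestamps carry no year; `year` is an assumed value.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:   # forget rejects older than the window
            hits.popleft()
        if len(hits) >= threshold:
            offenders[m["ip"]] = when
    return offenders

def block_plan(offenders, hold=timedelta(hours=24)):
    """Return (iptables command, expiry time) pairs for review; nothing is executed."""
    return [(f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP", when + hold)
            for ip, when in sorted(offenders.items())]
```

Only the host with three 550s inside ten minutes is listed; the host whose rejects are spread out and the one that received a 451 are left alone, which keeps a legitimate sender with a few stale addresses from being blocked.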
