On Sep 1, 2012, at 11:17 AM, J.R. Lillard <j...@hyphen.org> wrote:
> I have a client that uses spamdyke but I am new to it.  I've read through the 
> documentation so I am vaguely familiar with it now.  They have been under a 
> DDOS attack for about a month now.  It's not enough to bring their servers 
> down.  Basically it's a bunch of SMTP traffic attempting to send spam.  
> Spamdyke has been doing a great job of blocking the connections usually with 
> the DENIED_RDNS_MISSING error.  The problem is this attack has been eating up 
> a lot of their bandwidth.  As a temporary measure their ISP has asked them to 
> just drop the invalid connections instead of issuing the appropriate SMTP 
> response codes.  Is this something spamdyke can be configured to do?  I did 
> not see anything obvious in the documentation.

Are the spammers attempting to deliver spam to their server, or to relay spam 
through it?

On my server, SMTP submission requires authentication (if it didn't, I'd be 
running an open relay) so I see fairly regular attempts by spammers to guess 
usernames and passwords. While I think it would take them a very very long time 
indeed to get anywhere, I don't want to give them the opportunity, so I run 
fail2ban. fail2ban simply watches the VPOPMail logs and, after a certain number 
of failed attempts from a given IP, simply adds that IP to the iptables 
firewall, at which point the spammer's packets just get null-routed and it's 
all over.

fail2ban can actually be configured to watch a variety of logs for a variety of 
conditions, so even if your problem isn't identical, it might be possible to 
set up fail2ban to watch spamdyke's logs and ban anything that gets 
DENIED_RDNS_MISSING. That would certainly accomplish the "drop invalid 
connections" measure suggested by their ISP. 

I think you can just 'yum install fail2ban' and take it from there. You'll need 
to read up a bit on how to set up fail2ban's jails, but it's not that complex. 
If it turns out that spamdyke won't do what you want, try fail2ban.

Angus
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
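
Added example (not part of the message above and not spamdyke or fail2ban code): a small Python model of the threshold logic described in the reply, counting DENIED_RDNS_MISSING results per source IP inside a time window, useful for checking a pattern against real log lines before it goes into a fail2ban filter. The syslog line layout, the hostname `mx1`, the function name `ips_to_ban` and the sample lines are assumptions constructed for illustration; `maxretry` and `findtime` mirror the fail2ban jail settings of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed spamdyke syslog line shape (constructed; compare with the real maillog).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ spamdyke\[\d+\]: "
    r"DENIED_RDNS_MISSING .*?\borigin_ip: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def ips_to_ban(lines, maxretry=3, findtime=600, year=2012):
    """Return IPs with >= maxretry rDNS denials inside a findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of denials still in the window
    banned = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # any other spamdyke result is ignored
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # expire denials older than the window
            hits.popleft()
        if len(hits) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = """\
Sep  1 11:00:01 mx1 spamdyke[4101]: DENIED_RDNS_MISSING from: a@example.net to: u@example.org origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
Sep  1 11:00:05 mx1 spamdyke[4102]: DENIED_RDNS_MISSING from: b@example.net to: u@example.org origin_ip: 198.51.100.23 origin_rdns: (unknown) auth: (unknown)
Sep  1 11:01:12 mx1 spamdyke[4103]: ALLOWED from: c@example.com to: u@example.org origin_ip: 192.0.2.50 origin_rdns: mail.example.com auth: (unknown)
Sep  1 11:02:30 mx1 spamdyke[4104]: DENIED_RDNS_MISSING from: a@example.net to: v@example.org origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
Sep  1 11:05:10 mx1 spamdyke[4105]: DENIED_RDNS_MISSING from: a@example.net to: w@example.org origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
Sep  1 11:20:00 mx1 spamdyke[4106]: DENIED_RDNS_MISSING from: b@example.net to: v@example.org origin_ip: 198.51.100.23 origin_rdns: (unknown) auth: (unknown)
Sep  1 11:40:00 mx1 spamdyke[4107]: DENIED_RDNS_MISSING from: b@example.net to: w@example.org origin_ip: 198.51.100.23 origin_rdns: (unknown) auth: (unknown)
""".splitlines()

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE))
```

In a fail2ban filter the same pattern would go into `failregex`, with the IP group replaced by fail2ban's `<HOST>` placeholder.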
