On Sat, Sep 1, 2012 at 11:09 PM, turgut kalfaoğlu <tur...@kalfaoglu.com>wrote:
> On 09/02/2012 01:39 AM, Marcin Orlowski wrote: > > J.R. Lillard wrote on 2012-09-02 00:30: > >> Iptables was my first thought but half a million ips seemed like too > >> much for it. How many rules have you had with your script? > > IPs are part of classes. If you i.e. got no legit users from certain > > class, nor your logs do not show any legit mails comming from certain > > class, ban whole class C and even B and further when needed. Let users > > know you are fighting DDOS, so they will be aware of some sacrifices. > I recently banned all of China from smtp_auth on my server.. No > complaints from legitimate customers so far -- China ranges are > available on the net. > fail2ban is great, use that too.. Perhaps connections-per-source > limiting from xinetd is also a good idea.. Good luck.. -t > It doesn't appear to be limited to a specific geographical region. Errors in August: 3,252,186 Unique IPs: 900,169 Unique Class Cs: 80,793 Unique Class Bs: 8,126 Unique Class As: 176 I'm still not comfortable blocking with iptables at any level. Class A blocks would be too broad and Class B blocks would be too numerous. -- J.R. Lillard System / Network Admin Web Programmer Hyphen Communications
_______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users