Penalties work quite fine...
In postfix:
Every miss for a valid address gets penalized by several seconds; after
$count misses the connection is dropped, combined with a connection
limit.
Say you allow the same server to connect 5 times per minute, with a
2-second delay and a drop after 10; this will give:
Number of addresses per minute: 5 * 10 = 50
Delay for 50 addresses = ~100 secs (20 secs if 5 connections are made in
parallel - but the connection will be dropped for the next 40 seconds at
the smtp greeting)
The smtp service will probably be hammered though - but it will at least
cost you fewer cpu cycles to drop the connection at the smtp greeting
than to check whether the recipient is valid.
There are some nice 3rd-party tools (mailgraph, pflogsumm) that give you
some insight into what's happening, and postfix logs the connection
statistics - one of these tools will certainly give you some insight into
which IPs you'd like to nullroute...
I dunno about exim's or sendmail's or $your_favourite_mta's
possibilities - but we live with this thing quite well over here...
On Mon, Apr 11, 2005 at 20:50:33 +0200, Matthias Hertzog wrote:
> Does anyone of you out there have a "fit for all purpose"-solution to such
> things? We had a similar attack a few weeks ago and solved it with some
> additional hardware to open more incoming slots. That worked fine and was a
as always - my 2c
Philipp
--
Philipp Morger / PHM2-RIPE, System & Network Administrator
Dolphins Network Systems AG, Phone +41-1-847'45'45
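A small detector of the kind the post alludes to: it walks Postfix smtpd log lines, counts unknown-recipient rejects, "too many errors" drops and rate-limit warnings per client IP, and lists clients that only ever probed addresses and never delivered anything. This is an added example, not code from the post or from mailgraph/pflogsumm; the log lines are constructed samples, and the regexes assume the standard smtpd message formats (reject lines with "Recipient address rejected: User unknown", "too many errors after RCPT from", "Connection rate limit exceeded", and "<queueid>: client=" for accepted mail).

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Postfix smtpd syslog lines (not from the original post):
# 192.0.2.10 walks the address space; 198.51.100.7 makes one typo, then delivers.
SAMPLE_LOG = """\
Apr 11 20:50:34 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aaron@example.net>: Recipient address rejected: User unknown in local recipient table; from=<x@harvest.example> to=<aaron@example.net> proto=ESMTP helo=<h>
Apr 11 20:50:36 mx postfix/smtpd[4711]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <abby@example.net>: Recipient address rejected: User unknown in local recipient table; from=<x@harvest.example> to=<abby@example.net> proto=ESMTP helo=<h>
Apr 11 20:50:38 mx postfix/smtpd[4711]: too many errors after RCPT from unknown[192.0.2.10]
Apr 11 20:50:40 mx postfix/smtpd[4712]: warning: Connection rate limit exceeded: 6 from unknown[192.0.2.10] for service smtp
Apr 11 20:51:03 mx postfix/smtpd[4713]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 550 <bob.smith@example.net>: Recipient address rejected: User unknown in local recipient table; from=<alice@partner.example> to=<bob.smith@example.net> proto=ESMTP helo=<mail.partner.example>
Apr 11 20:51:04 mx postfix/smtpd[4713]: 3A1B2C3D4E: client=mail.partner.example[198.51.100.7]
"""

# "from host[ip]" (connect/reject/warning lines) or "client=host[ip]" (queued mail).
CLIENT_RE = re.compile(r"(?:from |client=)(\S+?)\[([^\]]+)\]")
# Events we count, checked in order; the first match wins.
EVENT_RES = [
    ("unknown_rcpt", re.compile(r"Recipient address rejected: User unknown")),
    ("too_many_errors", re.compile(r"too many errors after \w+ from ")),
    ("rate_limited", re.compile(r"Connection rate limit exceeded: \d+ from ")),
    ("accepted", re.compile(r": [0-9A-F]{6,}: client=")),
]

def parse_line(line):
    """Return (client_ip, event) for an smtpd log line, or None if not of interest."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    for event, rx in EVENT_RES:
        if rx.search(line):
            return m.group(2), event
    return None

def summarize(log_text):
    """Per-client-IP Counter of the events above."""
    stats = defaultdict(Counter)
    for line in log_text.splitlines():
        if (parsed := parse_line(line)):
            stats[parsed[0]][parsed[1]] += 1
    return stats

def harvesters(stats, min_rejects=2):
    """Clients with >= min_rejects unknown-recipient rejects and no accepted
    message, most rejects first: candidates for the nullroute list."""
    return sorted(
        (ip for ip, c in stats.items()
         if c["unknown_rcpt"] >= min_rejects and c["accepted"] == 0),
        key=lambda ip: -stats[ip]["unknown_rcpt"])
```

Requiring zero accepted messages keeps a legitimate peer that mistyped one address off the list; raise `min_rejects` on a busy relay.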