There should be a limit to the number of emails a user (or rather a virus on his/her machine) can send in a given time slot. If he or she wants to send more than that, the user has to contact the ISP, who raises the threshold for the desired time. Of course, this costs extra. I'm sure this can be automated with a nice form on a webpage. Ideally, the parameters can be chosen in a way that prevents viruses from firing off emails, and things would slow down quite a bit.
Roger Leemann
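Roger's scheme in runnable form, as an added example that is not part of the thread: a sliding-window per-sender counter with a time-bounded raised threshold (the paid upgrade), returning verdicts in the style of a Postfix access-policy server. The one-hour slot, the default limit and the sample submissions are constructed assumptions, not values from the post.

```python
"""Per-sender outbound mail rate limiting (added example, not from the thread)."""
from collections import defaultdict, deque

WINDOW_SECONDS = 3600   # the "time slot": one hour (assumed)
DEFAULT_LIMIT = 50      # mails per sender per slot before deferring (assumed)


class OutboundRateLimiter:
    def __init__(self, window=WINDOW_SECONDS, default_limit=DEFAULT_LIMIT):
        self.window = window
        self.default_limit = default_limit
        self._sent = defaultdict(deque)   # sender -> timestamps of accepted mails
        self._overrides = {}              # sender -> (raised_limit, expires_at)

    def raise_limit(self, sender, new_limit, now, duration):
        """ISP raises a sender's threshold for a bounded period only."""
        self._overrides[sender] = (new_limit, now + duration)

    def limit_for(self, sender, now):
        """Effective limit; an expired override falls back to the default."""
        limit, expires = self._overrides.get(sender, (self.default_limit, None))
        if expires is not None and now >= expires:
            del self._overrides[sender]
            return self.default_limit
        return limit

    def check(self, sender, now):
        """Decide one submission at time `now` (Postfix policy-style verdict)."""
        q = self._sent[sender]
        while q and now - q[0] >= self.window:   # forget mails outside the slot
            q.popleft()
        if len(q) >= self.limit_for(sender, now):
            return "DEFER_IF_PERMIT per-sender rate limit exceeded"
        q.append(now)
        return "DUNNO"   # no opinion: let the remaining restrictions decide


def simulate(events, limiter):
    """Feed (sender, timestamp) submissions; return a count per verdict keyword."""
    counts = defaultdict(int)
    for sender, ts in events:
        counts[limiter.check(sender, ts).split()[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    # Constructed sample: one infected host bursting, one normal user.
    lim = OutboundRateLimiter(window=60, default_limit=2)
    burst = [("bob", t) for t in range(5)] + [("carol", 0)]
    print(simulate(burst, lim))   # the burst is deferred after two mails
```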
Hi Roger
You are talking about anti-hammering/flooding; this is a big problem we all have at the moment.
Do you have any practical experience with the mail/time-slot value? It could be interesting to hear how other ISPs set up this value.
And what kind of tools are you using to prevent hammering?
Thanks to swinog and other sources, this is what I have found so far to prevent flooding/hammering of SMTP:
Postfix:
========
PAF (Postfix Anti Flooding) - http://www.gasmi.net/paf.html

Netfilter (Iptables):
=====================
connlimit Patch - http://www.netfilter.org/patch-o-matic/pom-base.html

Description:
Author: Gerd Knorr <[EMAIL PROTECTED]>
Status: ItWorksForMe[tm]
This adds an iptables match which allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block).
Examples:

# allow 2 telnet connections per client host
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

# you can also match the other way around:
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT

# limit the nr of parallel http requests to 16 per class C sized
# network (24 bit netmask)
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 \
    --connlimit-mask 24 -j REJECT

-> This seems to work "per client IP address". I never tried this patch.
Any other hints how to do this?
Peter Baumann
----------------------------------------------
[EMAIL PROTECTED]
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
