On 9/6/07, Jeff Chan <[EMAIL PROTECTED]> wrote: > > Quoting Rajkumar S <[EMAIL PROTECTED]>: > > > Hi, > > > > Does any one seeing increasing smtp concurrency for the past couple of > > weeks? I run couple of (qmail/simscan/spamassassin) mail servers and > > all experience the same problem. The spam does not increase, but this > > is hogging my mail servers. Probably a new crop of spamming tools? > > > > I am attaching one qmail-mtrg graph that shows the problem. > > > > http://img403.imageshack.us/img403/2224/smtpmonthyq4.png > > > > raj > > > > > Some botnets are starting to hold mail connections open for much longer > after > getting a 5xxx blacklist response. Reason is unknown; could be coding > errors > or deliberate. Many people are changing their smtpd timeouts form the RFC > 300 > seconds down to 45 seconds: > > http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx > > Here's the postfix for it: > > > ## to deal with botnets not hanging up > # Drop default from RFC limit of 300s to 45s > # > smtpd_timeout = 45s > > > Some people are even using 10 seconds, which seems short to me. The RFC > requires 300 seconds. > > Jeff C. >
Same problem here on several servers. Reducing the timeout helps, but violates RFC and is simply reducing the effects rather than fixing the issue. Is there any RFC valid way for a server to hang up on a client, especially after a 5xx? -Aaron
