Aaron Wolfe wrote:
On 9/6/07, Jeff Chan <[EMAIL PROTECTED]> wrote:
Quoting Rajkumar S <[EMAIL PROTECTED]>:
Hi,
Does any one seeing increasing smtp concurrency for the past couple of
weeks? I run couple of (qmail/simscan/spamassassin) mail servers and
all experience the same problem. The spam does not increase, but this
is hogging my mail servers. Probably a new crop of spamming tools?
I am attaching one qmail-mtrg graph that shows the problem.
http://img403.imageshack.us/img403/2224/smtpmonthyq4.png
raj
Some botnets are starting to hold mail connections open for much longer
after
getting a 5xxx blacklist response. Reason is unknown; could be coding
errors
or deliberate. Many people are changing their smtpd timeouts form the RFC
300
seconds down to 45 seconds:
http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx
Here's the postfix for it:
## to deal with botnets not hanging up
# Drop default from RFC limit of 300s to 45s
#
smtpd_timeout = 45s
Some people are even using 10 seconds, which seems short to me. The RFC
requires 300 seconds.
Jeff C.
Same problem here on several servers. Reducing the timeout helps, but
violates RFC and is simply reducing the effects rather than fixing the
issue. Is there any RFC valid way for a server to hang up on a client,
especially after a 5xx?
If you suspect this is a zombie (pbl.spamhaus.org, generic rDNS,
"farway", completely broken smtp client...), then return 421 and close
the connection instead of return 5xx.
